4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: Jan on October 16, 2006, 10:25:09 AM

Title: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Jan on October 16, 2006, 10:25:09 AM
Security fix for Cross-Site Scripting Vulnerability

Open global.php and search for

Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));in Version 1.7.2 and 1.7.3 or
Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));in Version 1.7.1 and 1.7.

Add the following line below

Code: [Select]
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: mawenzi on October 16, 2006, 12:45:50 PM
... thanks Jan and Kai ...
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Bugfixed on October 16, 2006, 07:47:10 PM
thanks jan  :wink:
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: honda2000 on October 16, 2006, 11:33:23 PM
ist das in Version 1.7.1 die Zeile??

Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

die Zeile
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

find oder hab ich gar nicht
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: colorssky on October 17, 2006, 01:54:09 AM
thanx

done! :wink:
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: __G__ on October 17, 2006, 04:03:43 AM
thanks i am done :D
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Jan on October 17, 2006, 09:51:44 AM
ist das in Version 1.7.1 die Zeile??

Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

die Zeile
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

find oder hab ich gar nicht
Ja, ich hab den ersten Post entsprechend aktualisiert.
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: honda2000 on October 17, 2006, 10:33:18 AM
supi!! Danke!!!
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Eng_Man on October 18, 2006, 12:48:51 AM
thanks
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Heinrich-Uwe on October 19, 2006, 01:04:34 PM
 :roll:
Hallo Jan;
Dumme Frage von mir  :roll:
Werden die Security fix gleich mit in den Download Packet mit eingearbeitet oder mus man das immer extra machen ???
Danke für die Antwort...
# :lol:
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Jan on October 19, 2006, 01:35:12 PM
Nein, die Fixes werden nur in neue Versionen eingearbeitet. Du musst den Patch also manuell einfügen. Eine neue Bugfix-Version ist schon in Arbeit.
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: wh-em on October 19, 2006, 10:06:18 PM
hi
sory for bad english :)


is the New version 4images 1.7.3 released
in the Download page

http://www.4homepages.de/4images/download.php

fixed??


and thanks
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: wh-em on October 20, 2006, 02:31:34 AM
thanks

there is 2 news in news box

did I must do it manually ??

and we wait the new fixed version


by
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: egyptsons on October 21, 2006, 12:18:40 PM
:arrow: Done ThanX Jan  8)
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: RoadDogg on October 21, 2006, 10:01:40 PM
Thank you verry much!
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: devilsoulblack on October 21, 2006, 10:43:33 PM
thanks dude
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: ahmad on October 21, 2006, 10:56:35 PM
Thanks for the fix dude
updating my gallery now !
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: beach-baer on October 21, 2006, 11:02:23 PM
Das klappt wie immer Prima bei euch :D, Thanks
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Sternie on October 21, 2006, 11:04:50 PM
kann mir das bitte nochmal jemand verdeutschen, um was für ein Security Fix es sich handelt und wo genau ich die Zeile einsetzen soll? Genau unter die Zeile zwischen die Zeile und der darunterbefindlichen klammer?
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Nicky on October 21, 2006, 11:13:27 PM
damit wird eine sicherheits lücke geschlossen

wenn du v 1.7.2 oder 1.7.3 hast
öffne global.php und suche nach
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));

oder wenn du 1.7 bis 1.7.1 hast
suche nach
Code: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));

gleich drunter füge diese zeile ein

Code: [Select]
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);

so.. hoffe dies war in gutem deutsch :)

grüsse von einem nicht deutschen ;)
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Sternie on October 21, 2006, 11:21:10 PM
danke Nicky  :D grade bei solchen 'komplizierten' Sachen in denen ich mich absolut nicht auskenne bin ich mir in meinem Stolperenglisch immer zu unsicher irgendetwas auf GutGlück zu machen :)

War eine gute deutsche Anweisung :)

Sieht jetzt bei mir so aus:

$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}

richtig?
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Nicky on October 21, 2006, 11:24:09 PM
schönheitsfehler *g*

Code: [Select]
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);

so ist viel schöner ;)
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Sternie on October 21, 2006, 11:26:44 PM
danke schön, so steht es auch in der Datei, hab hier aber diese Codebox zum Posten nicht gefunden  :oops:
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: ladyoz on October 22, 2006, 12:32:34 AM
Thanks muchly guys  :D
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Stinus on October 22, 2006, 01:03:52 AM
Thank you verry much. :wink:
Updatet.
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: haythamghareeb on October 22, 2006, 01:43:04 AM
Thanks  :lol:
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Matpatnik on October 22, 2006, 03:17:09 AM
cool thank you :D
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Playgirl on October 22, 2006, 06:12:07 AM
Thank you :D
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Syslord on October 22, 2006, 10:11:54 AM
Nice Thank you
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Adson on October 22, 2006, 10:12:30 AM
Hi,

ein Gedanke... Die Danksagungen sind super und auch sehr gut. Nur machen sie es u.U. ziemlich unübersichtlich, zu technischen INhalten zu kommen. Man kann dadurch leicht was übersehen. Kann man die nicht ausserhalb des eigentlichen Threads anbringen?

Übrigens Jan: Danke.

 :)

Grüße, Jörg
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: medo007 on October 22, 2006, 01:35:57 PM
Thank you very much! :D
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: KimmyMarie on October 22, 2006, 04:23:05 PM
Thank you very much Jan!





Best wishes,
Kimmy
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Fotopez on October 22, 2006, 04:56:43 PM
Dankeschön!  :)
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: theking6 on October 22, 2006, 06:09:24 PM
Vielen herzlichen Dank
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: linux_rh on October 22, 2006, 07:50:04 PM
first of all  i would thank 4images group for sending me  this massege  for  fixing  the bug in 4images

every thing is done

the bugs fix

thank you agian

Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Zhra on October 23, 2006, 02:26:18 AM
Thanks so much  :wink:
have been Updated  :D
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: wallpapers on October 29, 2006, 08:25:34 PM
I'm maby stupid but what is " Cross-Site Scripting Vulnerability" i have never heard about it  :roll:
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: mawenzi on October 29, 2006, 09:19:15 PM
http://en.wikipedia.org/wiki/Cross_site_scripting
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: BitBull on November 01, 2006, 10:32:04 AM
Hi,

I just applied the security fix and viewed the result.

The page in general looks like it has been before but on the Top of the page there are now a lot of additional system messages:  8O

Code: [Select]
cache[$row['cat_id']] = $row['new_images']; } $site_db->free_result(); // -------------------------------------- $sql = "SELECT cat_id, COUNT(*) AS num_images FROM ".IMAGES_TABLE." WHERE image_active = 1 GROUP BY cat_id"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $cat_cache[$row['cat_id']]['num_images'] = $row['num_images']; } $site_db->free_result(); } //end if GET_CACHES ?>
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 86

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

Warning: Cannot modify header information - headers already sent by (output started at /homepages/blablabla/publik/global.php:450) in /homepages/blablabla/publik/includes/sessions.php on line 94

I integrated the gallery in the layout of my site. Can it be that the script tries to modify that layout now too?
What can these messages mean?  :?

regards

BitBull
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: BitBull on November 01, 2006, 11:25:26 AM
 8O I tried to log on as registered user ...

There are even more of these messages and I am not able to log in anymore!  :?: :?: :?:

Some guesses somewhere?

regards

BitBull
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Nicky on November 01, 2006, 12:30:44 PM
seams your global.php is strange...
uploaded as binary... edited with nonconform editor.
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: BitBull on November 01, 2006, 12:45:07 PM
Hmmm ... I guess thats not the problem really.

I am using Phase 5 (HTML Editor). I am using that editor ever and I did all my work on my sites with that editor.

I also removed the fix in global.php with this editor and everything works properly again ...

... but so I haven't applied the security fix.

Any other idea?

thanks and regards

BitBull
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Nicky on November 01, 2006, 12:56:46 PM
then is something else..
like you can see, all ppl. don't have a problem with it.
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: BitBull on November 01, 2006, 01:05:26 PM
most certainly yes! :wink:

But hopefully someone can "understand" these messages and give me a hint where the problem could be to find ... :roll:

For me it seems that it has something to do with the header-file because there I integrated the menu etc. of my site. Can it be that with these additions the new line in the global.php has a problem? ...

The mentioned 2 lines in the sessions.php are:
86:
Code: [Select]
    session_start();
and 94:
Code: [Select]
    setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
BitBull
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Jan on November 02, 2006, 10:15:42 AM
The line that causes this error is in global.php, line 450.

Quote
output started at /homepages/blablabla/publik/global.php:450

Can you post whats in (or better in and around) this line.

Jan
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: BitBull on November 02, 2006, 10:32:01 AM
 8O

Thats funny...

my global.php ends with line 438 already.  :?:

here are the last lines of my global.php (426 to 438):
Code: [Select]
  $sql = "SELECT cat_id, COUNT(*) AS num_images
          FROM ".IMAGES_TABLE."
          WHERE image_active = 1
          GROUP BY cat_id";
  $result = $site_db->query($sql);

  while ($row = $site_db->fetch_array($result)) {
    $cat_cache[$row['cat_id']]['num_images'] = $row['num_images'];
  }
  $site_db->free_result();
} //end if GET_CACHES

?>

Just as a relation. The bugfix line lies between 166 to 169:
Code: [Select]
if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
  $mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
  $mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
}

regards

BitBull
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: Jan on November 02, 2006, 10:41:04 AM
Are you sure that the global.php on your server is the same as the one on your harddisk?
Title: Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
Post by: BitBull on November 02, 2006, 11:20:01 AM
I compared it again (took a copy from the server again where I've put the fixed file yesterday ...)

Yes, both are exactely the same

BUT :!: :!: :!:

Don't ask me why. I've had a look on my gallery just now ... the error messages are gone ...  :?  seems that a miracle occured, doesn't it???

I am even able to log in again.   :mrgreen:

So everything is OK. I will check it out tomorrow again ... I hope the bloody messages won't be back again.  :wink:

Thanks Nicky an Jan for your time and support

So lets go on with daily business ... :lol:

regards

Tobi