Author Topic: [1.7 / 1.7.1] Security fix in sessions.php  (Read 269260 times)


Offline TariqAlAli

  • Newbie
  • Posts: 13
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #45 on: July 16, 2005, 10:08:12 AM »
Hi all,

It has been a month since my first post about this fix. No more penetration of my server via SESSION :D :D

No other details will be posted :lol: :lol: :lol:

My advice: replace ASAP.


Regards

Tariq

Offline Dan1113

  • Jr. Member
  • Posts: 72
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #46 on: July 24, 2005, 12:55:44 AM »
I see that the vBulletin 2.x integration is OK, but what about 3.x?

Here's the line in 3.x:
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • Posts: 17.849
  • mmm PHP...
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #47 on: July 24, 2005, 05:27:40 AM »
Code:
// Cast the cookie value to an integer so only a numeric user id can reach the session query
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? intval($this->read_cookie_data(COOKIE_PREFIX."userid")) : GUEST;
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
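As an added example (not code from this thread or from 4images itself), the snippet below shows what the intval() cast in the fix above does to different cookie values, next to a stricter digit-only check; GUEST = -1, the cookie prefix and the table name are assumptions standing in for the 4images constants:

```php
<?php
// Added example (not 4images project code): what the intval() cast in the
// fix above does to values read from the userid cookie, and a stricter check
// that also refuses values intval() would quietly truncate. GUEST = -1 and
// the cookie prefix are assumptions standing in for the 4images constants.
define('GUEST', -1);
define('COOKIE_PREFIX', '4images_');

// Mirrors the fixed line: the raw cookie is used only after intval().
function user_id_from_cookie(array $cookies)
{
    $key = COOKIE_PREFIX . 'userid';
    $raw = isset($cookies[$key]) ? $cookies[$key] : '';
    return ($raw) ? intval($raw) : GUEST;
}

// Stricter variant: only a string made of decimal digits is accepted at all,
// so a value like "42abc" becomes GUEST instead of user 42.
function strict_user_id_from_cookie(array $cookies)
{
    $key = COOKIE_PREFIX . 'userid';
    if (!isset($cookies[$key]) || !ctype_digit((string) $cookies[$key])) {
        return GUEST;
    }
    return (int) $cookies[$key];
}

// Once the id is an integer, building the session query by concatenation
// can no longer change the structure of the query (table name assumed).
function session_user_query($user_id)
{
    return "SELECT user_id, user_level FROM users WHERE user_id = " . (int) $user_id;
}

// Constructed sample cookie values: a valid id, trailing junk, a non-numeric
// string, and no cookie at all.
$samples = array('42', '42abc', 'abc', null);
foreach ($samples as $value) {
    $cookies = ($value === null) ? array() : array(COOKIE_PREFIX . 'userid' => $value);
    printf("%-8s intval: %3d  strict: %3d  query: %s\n",
        var_export($value, true),
        user_id_from_cookie($cookies),
        strict_user_id_from_cookie($cookies),
        session_user_query(strict_user_id_from_cookie($cookies)));
}
```

Note that intval('42abc') returns 42 and intval('abc') returns 0, so the cast alone maps junk to a real (if usually non-existent) id; the strict version maps it to GUEST.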

Offline pkitty

  • Newbie
  • Posts: 28
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #48 on: August 18, 2005, 04:20:30 AM »
I have a problem. I did this fix when it first came out. I recently had an influx of members, and I got an email today from one of them with a link in it; when I clicked on it, I was logged into her account. I checked and double-checked... This is the part of the code I changed in includes/sessions.php. Am I missing something?

Code:
  function demand_session() {
    $this->get_session_id();
    if (!$this->load_session_info()) {
      $this->delete_old_sessions();
      // fix: cast the cookie user id to an integer before it reaches the database
      $user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
      $this->start_session($user_id);
    }
    else {
      $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
      $update_cutoff = ($this->user_info['user_id'] != GUEST) ? $this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction'];
      if ($update_cutoff > 60) {
        $this->update_session();
        $this->delete_old_sessions();
      }
    }
  }

  function start_session($user_id = GUEST, $login_process = 0) {
    global $site_db;

    $this->user_info = $this->load_user_info($user_id);
    if ($this->user_info['user_id'] != GUEST && !$login_process) {
      // the password cookie must match the stored hash exactly (===) and the account must be activated
      if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
        $this->set_cookie_data("userpass", $this->user_info['user_password']);
      }
      else {
        $this->set_cookie_data("userpass", "", 0);
        $this->user_info = $this->load_user_info(GUEST);
      }
    }
    // (remainder of start_session() not included in the post)

Offline Jan

  • Administrator
  • 4images Guru
  • Posts: 5.024
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #49 on: August 19, 2005, 01:53:20 PM »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline pkitty

  • Newbie
  • Posts: 28
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #50 on: August 20, 2005, 07:46:54 PM »
I already have that in my includes/sessions.php... see below, so that can't be the problem, unless I should have that in there... This is so confusing.

Code:
    if (!isset($this->session_info['session_user_id'])) {
      return false;
    }

    // fix: a session whose recorded IP differs from the requesting IP is not accepted
    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip)) {
      session_regenerate_id();
      $this->session_id = session_id();
      return false;
    }

    return $this->session_info;
  }


Offline hyde101

  • Sr. Member
  • Posts: 410
  • 34TR.COM (Running 4images)
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #51 on: August 23, 2005, 06:47:30 PM »
I have 1.7 and I already have this modification (I didn't need to change sessions.php).

Please Vote for my site: Here

Offline pkitty

  • Newbie
  • Posts: 28
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #52 on: August 24, 2005, 03:39:42 AM »
I too have 1.7... Have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume, like I did, that it was fixed? I cannot have people being able to log into others' accounts, or have my host be at risk... Is there no solution to this, or was the code looked at to see if I did something wrong? It's been almost 5 days... I don't want to have to delete my photo album from my server because of this... Does anybody know what it is?

Offline Xyu BAM

  • Full Member
  • Posts: 145
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #53 on: August 24, 2005, 05:19:18 AM »
Quote

I too have 1.7... Have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume, like I did, that it was fixed? I cannot have people being able to log into others' accounts, or have my host be at risk... Is there no solution to this, or was the code looked at to see if I did something wrong? It's been almost 5 days... I don't want to have to delete my photo album from my server because of this... Does anybody know what it is?

Your problem is not related to this topic...

Offline hyde101

  • Sr. Member
  • Posts: 410
  • 34TR.COM (Running 4images)
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #54 on: August 24, 2005, 06:04:56 AM »
But as I said, I have 1.7 and I didn't need to change this, as it was already there.
Probably some other mod changed it? I don't remember, really. But it's there (new format).


Offline pkitty

  • Newbie
  • Posts: 28
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #55 on: August 24, 2005, 04:49:03 PM »
Quote

Your problem is not related to this topic...

Well then, what topic IS it related to?

Offline xico

  • Newbie
  • Posts: 30
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #56 on: September 12, 2005, 12:51:40 AM »
I made that change a few months ago and today I was hacked... Do you have another recent security fix?

Offline Xyu BAM

  • Full Member
  • Posts: 145
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #57 on: September 12, 2005, 08:13:17 AM »
Quote

I made that change a few months ago and today I was hacked... Do you have another recent security fix?

And what is your evidence that you've been hacked THROUGH 4images?

Offline hyde101

  • Sr. Member
  • Posts: 410
  • 34TR.COM (Running 4images)
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #58 on: September 12, 2005, 03:32:26 PM »
That's terrible...

Xico, what else do you have public on your server? Any PHP forums such as phpBB or Invision Board?
Please list the versions of any other PHP script you have on your server.

What kind of "hack" was it? Was it a "deface" (changing of INDEX)?

TheOracle

  • Guest
Re: [1.7,1.7.1] Security fix in sessions.php
« Reply #59 on: September 13, 2005, 03:15:37 AM »
Quote

Please list the versions of any other PHP script you have on your server.

@Xico:

If you intend to list your Global Server Information on the forum, please install this MOD first if you haven't done so. It will facilitate your task. ;)

http://www.4homepages.de/forum/index.php?topic=9289.msg43918#msg43918