Author Topic: [1.7 - 1.7.10] Security fix for XSS and sql injection in admin/categories.php  (Read 15657 times)

0 Members and 1 Guest are viewing this topic.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.423
    • View Profile
    • 4images - Image Gallery Management System
A cross site scripting vulnerability and possible sql injection in the 4images admin panel 1.7 - 1.7.10 has been found.

To fix this:

In admin/categories.php


$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;

and replace it with

$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
« Last Edit: March 19, 2012, 02:50:36 PM by kai »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
I don't get it, how is this a vulnerability? if someone already got access to admin account information and logged in as admin, this will not stop them from do whatever they want to, let alone use this security hole for anything...I mean, sure it's a bug, should be fixed, but call it a security bug... ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)