Author Topic: possible exploit: xss in 4images 1.7.4 and higher?  (Read 10760 times)

Offline mdwnn

  • Pre-Newbie

Offline matab

  • Newbie
Re: possible exploit: xss in 4images 1.7.4 and higher?
« Reply #1 on: April 05, 2008, 02:38:13 PM »
Hi there ...

This problem was solved a long time ago.

You have two ways:

1 / to put this ( http://www. ) in the homepage field.

or

2 / to remove the homepage code from your template

open (member_editprofile.html)
remove this code:
Code:
<td class="row1"><b>{lang_homepage}</b></td>
<td class="row1"><input type="text" name="user_homepage"  size="30" value="{user_homepage}" class="input" /></td>

Offline mdwnn

  • Pre-Newbie
Re: possible exploit: xss in 4images 1.7.4 and higher?
« Reply #2 on: April 05, 2008, 03:11:33 PM »
So this is a confirmed XSS exploit? It would be good to have this in the release notes of the newer version if this was fixed?

Thanks for your reply.

Offline Jan

  • Administrator
  • 4images Guru
Re: possible exploit: xss in 4images 1.7.4 and higher?
« Reply #3 on: April 07, 2008, 05:02:53 PM »
To fix this, search in member.php for

Code:
$user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;
and replace it with

Code:
$user_homepage = (isset($user_row['user_homepage'])) ? format_text(format_url($user_row['user_homepage']), 2) : REPLACE_EMPTY;
« Last Edit: April 08, 2008, 12:27:23 PM by Jan »

Offline mawenzi

  • 4images Moderator
  • 4images Guru
Re: possible exploit: xss in 4images 1.7.4 and higher?
« Reply #4 on: April 08, 2008, 12:12:41 PM »
@ Jan

... are you sure about that ...
... after your change shows now for homepage ...
Quote
Homepage : http://www.my_website.de" target="_blank">http://www.my_website.de

... instead of ...
Quote
Homepage : http://www.my_website.de

Offline Jan

  • Administrator
  • 4images Guru
Re: possible exploit: xss in 4images 1.7.4 and higher?
« Reply #5 on: April 08, 2008, 12:27:15 PM »
You are right, the correct line is:

Code:
$user_homepage = (isset($user_row['user_homepage'])) ? format_text(format_url($user_row['user_homepage']), 2) : REPLACE_EMPTY;
I've updated the fix in my previous post!

Offline mawenzi

  • 4images Moderator
  • 4images Guru
Re: possible exploit: xss in 4images 1.7.4 and higher?
« Reply #6 on: April 08, 2008, 12:50:54 PM »
... now it shows the homepage in the correct way ...
... thanks Jan ...
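
The fix in Replies #3 and #5 wraps the homepage value in an extra formatting call before it reaches the template. The stand-alone PHP sketch below is an added example, not part of the thread and not 4images code: it assumes the goal of that call is HTML-encoding the value, uses `htmlspecialchars()` in place of `format_text()`, and all function names and sample values are constructed.

```php
<?php
// Added example, not 4images code: every function name here is hypothetical.

// Unsafe: the stored value goes into the attribute as-is, so a double quote
// in it closes the attribute and the rest is parsed as markup.
function render_field_unsafe(string $homepage): string
{
    return '<input type="text" name="user_homepage" value="' . $homepage . '" />';
}

// Encode for HTML output. ENT_QUOTES covers both quote styles, so the result
// is safe in quoted attributes as well as in element text.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed policy: only absolute http(s) URLs without whitespace are kept.
function clean_homepage(string $raw): string
{
    $url = trim($raw);
    return preg_match('#^https?://\S+$#i', $url) === 1 ? $url : '';
}

function render_field_safe(string $homepage): string
{
    return '<input type="text" name="user_homepage" value="'
        . h(clean_homepage($homepage)) . '" />';
}

// Encode the value first, then build the link around it. Encoding the
// finished <a> element instead would show the tag itself as visible text.
function render_link_safe(string $homepage): string
{
    $url = clean_homepage($homepage);
    return $url === '' ? '' : '<a href="' . h($url) . '" target="_blank">' . h($url) . '</a>';
}

// Constructed sample values, not taken from the thread.
$samples = [
    'http://www.example.test',
    'http://www.example.test/"><b>injected</b>',
    'javascript:void(0)',
];
foreach ($samples as $s) {
    echo render_field_unsafe($s), "\n", render_field_safe($s), "\n",
        render_link_safe($s), "\n\n";
}
```

For the second sample, the unsafe field output contains a live `<b>` element, while the safe output carries the same characters as `&quot;&gt;&lt;b&gt;` inside the attribute value.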