Author Topic: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php  (Read 111840 times)

0 Members and 1 Guest are viewing this topic.

Offline Jan

  • Administrator
  • 4images Guru
  • *****
  • Posts: 5.024
    • View Profile
    • 4images - Image Gallery Management System
This is an important security fix.

Open includes/sessions.php and find the following line:

Code: [Select]
$this->session_id = session_id();
replace this line with the following code:

Code: [Select]
$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());
« Last Edit: May 03, 2006, 11:49:16 AM by Jan »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline mawenzi

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 4.500
    • View Profile
Re: [1.7.1, 1.7.2] Security fix for SQL injection in session.php
« Reply #1 on: May 03, 2006, 11:47:13 AM »
Danke für das schnelle Fix ! Und nur für  1.7.1, 1.7.2 ... nicht 1.7 ?
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

Offline DBCapricorn

  • Pre-Newbie
  • Posts: 1
    • View Profile
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #2 on: May 04, 2006, 02:43:24 AM »
Always on it. Thanks for looking out for us. :)

Offline ivan

  • 4images Moderator
  • 4images Guru
  • *****
  • Posts: 2.279
    • View Profile
    • Bilder Gallery
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #3 on: May 05, 2006, 06:32:17 AM »
hello,
i have two this lines

Code: [Select]
  function get_session_id() {
    if (SID == '') {
      $this->mode = "cookie";
    }

    $this->session_id = session_id();
  }

and here

Code: [Select]
    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))
    {
      session_regenerate_id();
      $this->session_id = session_id();
      return false;
    }

both replace???

greets ivan
greetings / grüsse
ivan

Facebook Fan Page | Follow Twitter

Blog: Reisen Blog
Bilder Gallery: Bilder Gallery

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #4 on: May 05, 2006, 02:29:21 PM »
the first one is enough ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline vBFreak

  • Newbie
  • *
  • Posts: 42
    • View Profile
    • Gerrits Forum
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #5 on: May 08, 2006, 02:13:30 AM »
Betrifft das auch die User, die die vBulletin-Integration verwenden? Ich kann in der ganzen Datei $this->session_id = session_id(); nirgends finden...

--

Are users of the vBulletin gallery integration also affected? I can't find these lines or $this->session_id = session_id(); at all...

Offline Bugfixed

  • Jr. Member
  • **
  • Posts: 95
    • View Profile
    • http://www.lavinya.net
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #6 on: May 10, 2006, 04:38:57 PM »
I'm using phpbb+4images integration system. in /galeri/includes/sesion.php "$this->session_id = session_id();" not line. please help.
<?php Find Bug ?>

Offline JensF

  • Addicted member
  • ******
  • Posts: 1.028
    • View Profile
    • http://www.terraristik-galerie.de
Re: [1.7.1, 1.7.2] Security fix for SQL injection in session.php
« Reply #7 on: May 11, 2006, 12:22:06 AM »
Danke für das schnelle Fix ! Und nur für  1.7.1, 1.7.2 ... nicht 1.7 ?

Ich denke nicht, oder?? Ich jedenfalls kann den Teil nicht in meiner sessions.php finden...
Mit freundlichem Gruß
Jens Funk



-> Sorry for my bad English <-

Offline flo31083

  • Newbie
  • *
  • Posts: 14
    • View Profile
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #8 on: May 18, 2006, 01:46:54 PM »
I have the newest version only 1 week ago ago down-loaded participates that fixed there already? or do I have to change that again now? thus was the down load updated?


sorry for ma english


in german

ich hab die neuste version erst vor 1 woche runtergeladen ist der fix da schon dabei ? oder muss ich das jetzt nochmal selbst ändern ? also würde der download aktualisiert ?

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.408
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7.1, 1.7.2] Security fix for SQL injection in session.php
« Reply #9 on: May 18, 2006, 10:52:26 PM »
Danke für das schnelle Fix ! Und nur für  1.7.1, 1.7.2 ... nicht 1.7 ?

Exactly, this fix is only for 1.7.1 and 1.7.2, not for 1.7
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.408
    • View Profile
    • 4images - Image Gallery Management System
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #10 on: May 18, 2006, 11:01:10 PM »
I have the newest version only 1 week ago ago down-loaded participates that fixed there already? or do I have to change that again now? thus was the down load updated?

Yes, the fix is included in the current download (since 3rd of may 2006).
If you're not sure, search in includes/sessions.php for code Jan posted in the first post.
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline vBFreak

  • Newbie
  • *
  • Posts: 42
    • View Profile
    • Gerrits Forum
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #11 on: May 26, 2006, 05:23:31 PM »
I don't know why, even if I don't know if it was this bug I had spam bots in my gallery yesterday whose used a sql injection bug on my gallery to spam user comments with advertisement for porno links and so on...

As I've already said above I'm using the vBulletin integration and I can't find the line mentioned above...

what can I do?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #12 on: May 26, 2006, 11:40:56 PM »
I don't know why, even if I don't know if it was this bug I had spam bots in my gallery yesterday whose used a sql injection bug on my gallery to spam user comments with advertisement for porno links and so on...
and how did you get to this conclusion? do you have proof they used a hole in 4images? (not that I'm judging you ;))
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline vBFreak

  • Newbie
  • *
  • Posts: 42
    • View Profile
    • Gerrits Forum
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #13 on: May 27, 2006, 04:29:39 AM »
I'm sure since they were not registered and if you're not registered you're unable to post comments, I've tested that.

Also as I've viewed the comments in my admin cp to delete them, some fields seemed to be empty or so, the comment overview of the picture where they had spammed looked really strange especially for these comments only, so I don't think these comments were made through the 4images gallery itself.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Administrator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php
« Reply #14 on: May 27, 2006, 07:48:07 PM »
Ok, please attach your sessions.php, I'll take a look at it.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

 

Post your comments here