Topic: [1.7 - 1.7.7] Security fix for XSS vulnerability in includes/functions.php


kai (Administrator)
A cross-site scripting vulnerability in 4images 1.7 - 1.7.7 has been found.

To fix this:

In includes/functions.php

find

return $url;

and replace it with

return htmlspecialchars($url);


The download package of 4images 1.7.7 has been updated (15.06.2009)
« Last Edit: October 27, 2010, 11:43:25 AM by kai »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
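The following is an added example (not code from 4images or from this thread) of why the one-line fix above works and where it stops working. The helper build_url_unsafe() is a hypothetical stand-in for the function in includes/functions.php that ends in "return $url;"; the post does not show that function's body, so the way it assembles the URL from request parameters is assumed here. The attacker input is constructed. The second half of the example also shows what htmlspecialchars() does and does not cover, which a later reply in this thread asks about.

```php
<?php
// Added example, not 4images code. build_url_unsafe()/build_url_fixed() are
// hypothetical stand-ins for the helper in includes/functions.php that ends in
// "return $url;"; the attacker input below is constructed for this example.

// "Before": the URL is assembled from request data and returned verbatim.
function build_url_unsafe(string $script, array $params): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        $pairs[] = $key . '=' . $value;          // no encoding of any kind
    }
    $url = $script;
    if ($pairs !== []) {
        $url .= '?' . implode('&', $pairs);
    }
    return $url;                                 // the line the post changes
}

// "After", matching the posted fix: HTML-encode the value before it is
// returned. ENT_QUOTES is passed explicitly so that ' is encoded as well;
// before PHP 8.1 the default flags leave single quotes alone.
function build_url_fixed(string $script, array $params): string
{
    return htmlspecialchars(build_url_unsafe($script, $params), ENT_QUOTES, 'UTF-8');
}

// Constructed payload as it would arrive in $_GET: closes the href attribute
// and injects a script element.
$payload = '"><script>alert(document.cookie)</script>';
$params  = ['cat_id' => '3', 'page' => $payload];

$unsafe = build_url_unsafe('categories.php', $params);
$fixed  = build_url_fixed('categories.php', $params);

// Self-check: every character that could end the attribute or open a tag
// must have been turned into an entity.
$expected = 'categories.php?cat_id=3&amp;page=&quot;&gt;&lt;script&gt;'
          . 'alert(document.cookie)&lt;/script&gt;';
if ($fixed !== $expected) {
    throw new RuntimeException('htmlspecialchars() did not encode as expected');
}
if (strpbrk($fixed, '<>"\'') !== false) {
    throw new RuntimeException('raw markup characters survived encoding');
}

// How both look once a template drops them into an attribute. In the first
// line the browser ends the href at the injected quote and runs the script;
// in the second the whole value stays inside the attribute.
echo '<a href="' . $unsafe . '">next</a>' . "\n";
echo '<a href="' . $fixed . '">next</a>' . "\n";

// Caveat: htmlspecialchars() only stops the value from breaking out of HTML.
// It does not make the URL safe to follow: a javascript: URL passes through
// unchanged and still runs when clicked. Check the scheme separately.
function is_safe_link(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    if (!isset($parts['scheme'])) {
        return true;                             // relative link
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

$js = build_url_fixed('javascript:alert(1)', []);   // encoding leaves this intact
if ($js !== 'javascript:alert(1)' || is_safe_link($js)) {
    throw new RuntimeException('scheme check failed');
}
if (!is_safe_link('categories.php?cat_id=3')) {
    throw new RuntimeException('relative link should be accepted');
}
echo "all checks passed\n";
```

Run it with php on the command line. Two points for anyone applying the fix: the posted change encodes inside the helper rather than at the point of output, so the returned value must only ever be placed into HTML (not into a Location: header or a JavaScript string, which need different handling), and callers must not encode it a second time or every & becomes &amp;amp;. And as the scheme check shows, HTML encoding stops markup injection but does not vet the URL itself.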

sanko86 (Sr. Member)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #1 on: June 15, 2009, 03:31:03 PM »
thank you.
Website: http://www.anlatiyoruz.com
Life is full of difficulties. But the hardest of all is people's hostility toward people.

Benny Change (Addicted member)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #2 on: June 15, 2009, 04:56:45 PM »
Thanks,
I have added it to my list as well!
http://www.4homepages.de/forum/index.php?topic=24888.0
Best regards
Benny

Jan-Lukas (Addicted member)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #3 on: June 15, 2009, 09:21:14 PM »
Thanks,

Regards, Harald
Thanks, Harald

nobby (4images Guru)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #4 on: June 15, 2009, 09:26:56 PM »
updated  :wink:

ahmad (Newbie)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #5 on: June 15, 2009, 09:52:52 PM »
Thanks a lot

adam_samhan (Pre-Newbie)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #6 on: June 16, 2009, 02:10:36 PM »
thanks kai  :roll:

nabeel (Pre-Newbie, banned for spam)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #7 on: June 26, 2009, 03:39:59 PM »
great
my site: [removed. spam]

manola (Pre-Newbie)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #8 on: July 02, 2009, 03:12:37 AM »
Thank you so much for your information.


oboinastol2008 (Pre-Newbie)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #10 on: July 24, 2009, 09:10:52 AM »
 :!: Thank you!!!

mawenzi (4images Moderator, 4images Guru)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #11 on: July 24, 2009, 12:34:54 PM »
... it is quite odd how many users with "1 post" (and evidently from the Middle East) are saying thanks here ...
... mysterious ... and shame on anyone who thinks ill of it ...  :roll:
Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

You are on search for top 4images MOD's ?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...

soft4arab (Pre-Newbie)
« Last Edit: April 12, 2011, 08:29:33 PM by soft4arab »

honsa (Pre-Newbie)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #13 on: August 18, 2009, 07:17:49 PM »
... it is quite odd how many users with "1 post" (and evidently from the Middle East) are saying thanks here ...
... mysterious ... and shame on anyone who thinks ill of it ...  :roll:

So what are you thinking? The function htmlspecialchars doesn't really do much, after all :roll:

http://ch2.php.net/manual/de/function.htmlspecialchars.php

mawenzi (4images Moderator, 4images Guru)
Re: [1.7 - 1.7.7] Security fix for XSS issue in includes/functions.php
« Reply #14 on: August 18, 2009, 09:09:16 PM »
@ honsa

... I am not thinking anything here, because I know ...
... what the fix is against, the title already says that (and it is meant absolutely seriously) ...
... where the people come from who tinker with the 4images code in order to place malicious code, I already said that ...
... if Jan / Kai have now found such a simple solution for it ... then hats off ... and it should please us all ...
... and I do not want to say more about it ... ;)
