Jump to content


Welcome to DevFuse Forums


Sign In  Log in with Facebook

Create Account
Welcome to DevFuse Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of DevFuse Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
 
Guest Message by DevFuse

(View All Products)Featured Products

  • Donations


    Help fund your forum with donations, setup goals and track member donations. Offer rewards for members donating.
  • Timeslips


    Have your members submit their race times and share with others.
  • Videos


    Allows your members to submit their own videos for community viewing. Support is included for all the major video sites.
  • Forms


    Build your own forms for your members without coding experience. Support included for pm, email and topics.
  • Collections


    Build a community database of items for your members. Full features custom fields included.

Photo

IPB 2.1.7 Security Update (Low and Medium Risk)


  • Please log in to reply
2 replies to this topic

#1 Michael

Michael

    Management

  • Management
  • 3,544 posts
  • Gender:Male
  • IP.Board Version:IPB 3.4.x

Posted 05 October 2006 - 09:05 AM

IPB 2.1.x Low Risk Security Update

It has come to our attention that a relatively low risk XSS attack can be performed on an administrator in IPB 2.1.x. For this XSS attack to take place, the malicious user must store an avatar on their server that appears to be a legitimate image file but is actually a script that is set to redirect the browser to another location. The administrator must have 'root' access and must load the avatar in the ACP by searching for the member in the ACP's "Search Member" form.

Even though the XSS attack requires a very specific sequence of events, we consider that it's worth performing this security update. The security update is only a single ACP file which removes the user's avatar from displaying in the search results page. IPB 2.2.0, currently nearing release candidate status has increased security in the ACP which means this attack would not be successful.

To update your installation, simply download the attached file and upload the file "sources/action_admin/member.php" over the one currently used by your installation.


Source: Click Here

#2 Michael

Michael

    Management

  • Management
  • 3,544 posts
  • Gender:Male
  • IP.Board Version:IPB 3.4.x

Posted 09 October 2006 - 02:35 PM

Manual Update Instructions
Edit the file 'sources/action_admin/member.php'. Line 3456
$joined = $this->ipsclass->get_date( $r['joined'], 'JOINED' );
			
			$people .= <<
						<td width='{$td_width}%' align='left' class='$class'>

Add above it:
$avatar = "<img src='{$this->ipsclass->skin_url}/images/memsearch_head.gif' border='0' />";
So the final code reads:
$avatar = "<img src='{$this->ipsclass->skin_url}/images/memsearch_head.gif' border='0' />";
			
			$joined = $this->ipsclass->get_date( $r['joined'], 'JOINED' );
			
			$people .= <<
						<td width='{$td_width}%' align='left' class='$class'>


#3 Michael

Michael

    Management

  • Management
  • 3,544 posts
  • Gender:Male
  • IP.Board Version:IPB 3.4.x

Posted 22 October 2006 - 02:37 PM

IPB 2.1.7 Security Update - Medium Priority

It has come to our attention that due to the way some browsers interpret image tags a vulnerability exists which allows a malicious user to perform an XSS attack by forcing an "onerror" event in the snapback tag.

To update your board, simply download the attached ZIP file, unarchive it and upload 'sources/classes/bbcode/class_bbcode_core.php' over the one on your server. If you wish to patch your board manually, please read the second post in this announcement.

The main download has been updated as of the time of this announcement.

Note: IPB 2.2.0 (all versions) are NOT affected by this vulnerability.

Manual Patch Instructions for "sources/classes/bbcode/class_bbcode_core.php"

Function "regex_check_image", line 924:

Change:
$default = "[img]".$url."[/img]";

To:
$default = "[img]".str_replace( '[', '&# 091;', $url )."[/img]";

Change:
if ( preg_match( "/[?&;]/", $url) )

To:
if ( preg_match( "/[?&;\<\[]/", $url) )

Function "post_db_parse_bbcode", Line 486

Change:
preg_match_all( "#(\[$preg_tag\])((?!\[/$preg_tag\]).+?)?(\[/$preg_tag\])#si", $t, $match );
To:
preg_match_all( "#(\[$preg_tag\])((?!\[/$preg_tag\]).+?)?(\[/$preg_tag\])#si", $t, $match );

if ( $row['bbcode_tag'] == 'snapback' )
{
	$match[2][$i] = intval( $match[2][$i] );
}





1 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


    Baidu (1)