PhpDig.net

12-11-2004, 03:14 AM   #1
zaartix
Orange Mole
Join Date: May 2004
Location: russia, samara
Posts: 56
really dangerous bug!!!! to Charter

Plz, give me your email, I'll send you a link to the dangerous bug

Last edited by zaartix; 12-11-2004 at 03:51 AM.

12-11-2004, 03:14 AM   #2
zaartix
Orange Mole
Join Date: May 2004
Location: russia, samara
Posts: 56
or better send email to me on zaartix @no-spam@ yandex.ru

12-11-2004, 03:20 AM   #3
zaartix
Orange Mole
Join Date: May 2004
Location: russia, samara
Posts: 56
Result of this bug: anyone can view the content of any file.
For example, this is a part of your http://www.phpdig.net/forum/sendmessage.php file:
<?php
include("//hide\\");
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.phpdig.net/forum/");
exit();
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.0.3 - Licence Number L*1*2*6*

In this code I've hidden the full path and license number.

12-11-2004, 09:44 AM   #4
Charter
Head Mole
Join Date: May 2003
Posts: 2,539
Argh, noooooooooo...

In search.php find:
PHP Code:
extract(phpdigHttpVars(
     array(
           'query_string'=>'string',
           'refine'=>'integer',
           'refine_url'=>'string',
           'site'=>'string', // set to integer later
           'limite'=>'integer',
           'option'=>'string',
           'lim_start'=>'integer',
           'browse'=>'integer',
           'path'=>'string'
          )
     ));
And replace with:
PHP Code:
extract(phpdigHttpVars(
     array(
           'query_string'=>'string',
           'refine'=>'integer',
           'refine_url'=>'string',
           'site'=>'string', // set to integer later
           'limite'=>'integer',
           'option'=>'string',
           'lim_start'=>'integer',
           'browse'=>'integer',
           'path'=>'string'
          )
     ),
     EXTR_SKIP);
Special thanks to zaartix for finding this! Watch this thread for updates!
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
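
What the EXTR_SKIP flag in the replacement above changes, as an added example that is not part of the original thread or of PhpDig's code. `request_vars()` is a hypothetical stand-in for `phpdigHttpVars()`, and the colliding name `template_dir` is constructed; it is not the variable involved in the PhpDig bug, which the thread does not disclose.

```php
<?php
// Added illustration, not PhpDig code. request_vars() is a hypothetical
// stand-in for a helper that returns whitelisted, type-cast request values.
function request_vars(array $input, array $spec): array
{
    $out = [];
    foreach ($spec as $name => $type) {
        if (array_key_exists($name, $input)) {
            $out[$name] = $type === 'integer' ? (int) $input[$name] : (string) $input[$name];
        }
    }
    return $out;
}

// Default flag (EXTR_OVERWRITE): a key that matches an existing local wins.
function import_default(array $vars): string
{
    $template_dir = '/srv/app/templates';   // constructed: set by the application
    extract($vars);
    return $template_dir;
}

// EXTR_SKIP: names that already exist in the scope are left untouched.
function import_skip(array $vars): string
{
    $template_dir = '/srv/app/templates';
    $imported = extract($vars, EXTR_SKIP);  // count of variables actually created
    return "$template_dir (imported $imported)";
}

// EXTR_PREFIX_ALL: request values get their own names ($req_template_dir).
function import_prefixed(array $vars): string
{
    $template_dir = '/srv/app/templates';
    extract($vars, EXTR_PREFIX_ALL, 'req');
    return "$template_dir | request sent: $req_template_dir";
}

// Constructed request: one expected key plus one that collides with a local.
$request = ['query_string' => 'mole', 'template_dir' => 'value-from-request', 'unlisted' => 'x'];
$spec    = ['query_string' => 'string', 'template_dir' => 'string'];
$vars    = request_vars($request, $spec);

echo import_default($vars), "\n";
echo import_skip($vars), "\n";
echo import_prefixed($vars), "\n";
```

Only the first function lets the request value replace the application's own variable; the other two keep it intact.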

12-11-2004, 09:55 AM   #5
zaartix
Orange Mole
Join Date: May 2004
Location: russia, samara
Posts: 56
no problems, man

12-11-2004, 11:44 AM   #6
ZoRaC
Green Mole
Join Date: Jul 2004
Location: Steinkjer, Norway
Posts: 11
Charter,
I've taken my phpDig down, so please send out a new mail when the bug is completely fixed and a fix is ready for download.

Thanks!

Last edited by ZoRaC; 12-11-2004 at 11:47 AM. Reason: Misspelling

12-12-2004, 02:10 AM   #7
Charter
Head Mole
Join Date: May 2003
Posts: 2,539
http://www.phpdig.net/forum/showthread.php?t=1608

12-12-2004, 04:15 AM   #8
tomas
Orange Mole
Join Date: Feb 2004
Posts: 47
New Version 1.8.5

hi charter,

maybe you forgot these lines setting the "EXTR_SKIP" flag:

admin/spider.php:
extract(phpdigGetSiteFromUrl($id_connect,trim($url),$linksper,$linksper_flag,$limit,$limit_flag,$usetable));
extract(phpdigTempFile($url_indexing,$result_test_http,$relative_script_path.'/admin/temp/'));

admin/update.php:
extract($a_result);
extract($num_result);
extract($this_exclude);

libs/function_phpdig_form.php:
extract($result);



kind regards
tomas

Last edited by tomas; 12-12-2004 at 04:17 AM.

12-12-2004, 10:00 AM   #9
Charter
Head Mole
Join Date: May 2003
Posts: 2,539
Not every extract without the EXTR_SKIP is a problem.

12-12-2004, 11:43 AM   #10
tomas
Orange Mole
Join Date: Feb 2004
Posts: 47
Forum links to sites using phpdig

hi charter,

ok - the problem occurs only in arrays.

for those who do not want to upgrade - is anything done with changing the
flag to EXTR_SKIP?

would you email me a partial pattern to search for in the Apache logs for a possible hack?

please delete the forum entries with the links to members' sites using phpdig because this would be the cracker's dream - getting a list where to have all this fun (knowing this, my link entry was the phpdig website ;-)


thanx
tomas

12-12-2004, 01:14 PM   #11
Charter
Head Mole
Join Date: May 2003
Posts: 2,539
The problem occurred for another reason, but that's all, no details. People need to upgrade or face possible exploits. To search your logs, just check for anyone accessing your important files. For example, grep on config.php and other important files and review the output for suspicious requests. You will know it if you see it. Also check for any file starting with a string of numbers, that file being writable or in a writable location. If you find such a file and it is not your content, review the file, then delete the file and again check your logs for any requests to the file. As for the PhpDig link entry set via the vB control panel, only admins or mods can see it.
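
One way to script the log and file review described in the post above, as an added example that is not part of the original thread or of PhpDig. The watch list, the log lines, the `param` query parameter, the file names and the four-digit threshold for "a string of numbers" are all constructed assumptions.

```php
<?php
// Added illustration; the watch list, log lines and file names are constructed.
const WATCHED = ['config.php', '.htpasswd'];

// Return [client, decoded target] for requests that mention a watched file.
function flag_requests(array $lines, array $watched): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match('/^(\S+) .*?"[A-Z]+ (\S+) [^"]*"/', $line, $m)) {
            continue;                         // not an access-log request line
        }
        $target = rawurldecode($m[2]);        // so config%2Ephp matches as well
        foreach ($watched as $name) {
            if (stripos($target, $name) !== false) {
                $hits[] = [$m[1], $target];
                break;
            }
        }
    }
    return $hits;
}

// List files whose names start with a run of digits and that are writable
// themselves or sit in a writable directory.
function numeric_named_files(string $dir): array
{
    $found = [];
    foreach (scandir($dir) ?: [] as $name) {
        $file = "$dir/$name";
        if (is_file($file) && preg_match('/^\d{4,}/', $name)
            && (is_writable($file) || is_writable($dir))) {
            $found[] = $name;
        }
    }
    return $found;
}

$log = [
    '192.0.2.10 - - [11/Dec/2004:03:10:01 -0800] "GET /search.php?query_string=mole HTTP/1.1" 200 5120',
    '192.0.2.77 - - [11/Dec/2004:03:12:44 -0800] "GET /search.php?param=config%2Ephp HTTP/1.1" 200 812',
];
print_r(flag_requests($log, WATCHED));

// Constructed directory standing in for a writable location on the server.
$dir = sys_get_temp_dir() . '/phpdig_demo_' . getmypid();
mkdir($dir);
touch("$dir/1102763564.tmp");
touch("$dir/index.html");
print_r(numeric_named_files($dir));
array_map('unlink', glob("$dir/*")); rmdir($dir);
```

Decoding the request target before matching catches percent-encoded file names that a plain grep for `config.php` would miss.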
All times are GMT -8.