TUCoPS :: Web BBS :: Frequently Exploited

TUCoPS :: Web BBS :: Frequently Exploited :: hack0714.htm
phpBB privmsg.php XSS vulnerability patch.

phpBB privmsg.php XSS vulnerability patch. For those who have not yet installed the phpBB packages fixing the XSS vulnerability in privmsg.php documented at and the groupcp.php vulnerability, or for those who do not want to download the new packages, the following patches can be quickly and easily applied to patch the vulnerabilities: ---CUT--- --- privmsg.php 2003-07-20 11:42:23.000000000 -0400 +++ privmsg.1.php 2004-01-27 13:58:41.000000000 -0500 @@ -58,6 +58,7 @@ if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) ) { $folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder']; +$folder = htmlspecialchars($folder); if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' ) { @@ -102,6 +103,7 @@ if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) ) { $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { ---CUT--- Apply the patch: patch privmsg.php phpbb2-xss.patch And: ---CUT--- --- groupcp.php 2004-01-27 15:14:46.000000000 -0500 +++ groupcp.1.php 2004-01-27 15:11:10.000000000 -0500 @@ -22,6 +22,7 @@ define('IN_PHPBB', true); $phpbb_root_path = './'; +$memberval = intval($members[$i]); include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); mem @@ -137,6 +138,7 @@ if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; + $mode = htmlspecialchars($mode); } else { @@ -590,7 +592,7 @@ $sql_in = ''; for($i = 0; $i < count($members); $i++) { - $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; + $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $memberval; } if ( isset($HTTP_POST_VARS['approve']) ) ---CUT--- Apply the patch: patch groupcp.php phpbb2-groupcp.patch Applying the above patches will fix the phpBB2 privmsg.php XSS vulnerability, and the input validation error vulnerability in the groupcp.php script. Thank you for your time. Shaun. ________________________________________________________________________ BT Yahoo! Broadband - Free modem offer, sign up online today and save Ł80 http://btyahoo.yahoo.co.uk