Author |
Topic |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 13 March 2007 : 07:52:36
|
this fix relates to http://secunia.com/advisories/24358/
in pop_profile.asp look for the following lines of code
parts = split(rs("M_MSN"),"@")
in a clean pop_profile this will be on line 334 and again on line 609 replace that line with the line below.
parts = split(ChkString(rs("M_MSN"), "display"),"@")
Alternatively you can just disable the MSN messanger link from the admin options< |
|
wildfiction
Junior Member
167 Posts |
Posted - 13 March 2007 : 10:09:52
|
Thanks Huw!
I wanted to check to see if anybody had attempted to exploit this on any of my fora and so I ran the following SQL query: select MEMBER_ID, M_MSN from FORUM_MEMBERS where M_MSN != ''; and then browsed the M_MSN field for script.
Was I looking in the right place? i.e. Is that where the script would have been placed?< |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 13 March 2007 : 10:30:40
|
yes, that is the correct field to look in< |
|
|
Stefano Angaran
Starting Member
1 Posts |
Posted - 14 March 2007 : 20:06:29
|
Hi, I founded this vulnerability and your solution doesn't really work, I could exploit it on my test site with no problems at all.
The single quotes are the real problem, using "display" only replaces double quotes and "plus" signs.
Bye
P.S.: also the vulnerability is found in pop_messengers.asp< |
Edited by - Stefano Angaran on 14 March 2007 20:08:38 |
|
|
SiSL
Average Member
Turkey
671 Posts |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 15 March 2007 : 04:02:37
|
quote: Originally posted by Stefano Angaran
Hi, I founded this vulnerability and your solution doesn't really work, I could exploit it on my test site with no problems at all.
The single quotes are the real problem, using "display" only replaces double quotes and "plus" signs.
Bye
P.S.: also the vulnerability is found in pop_messengers.asp
perhaps in future you could follow the guidlines of secunia and inform us the developers of your findings rather than being a twat and making a public report about it.< |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 15 March 2007 : 05:03:43
|
I would advise users to disable MSN until we post a full fix.< |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 15 March 2007 : 20:45:17
|
The fix to this issue is to ensure that any data inserted into the MSN field is a valid email value. As such, here are the changes needed to properly validate the input to the MSN field.
1. register.asp
At approximately line#293, where you now have
Replace it by
2. Pop_profile.asp
Approximately at line# 1065 and line# 1386 (line# already including the first change), where you now have
replace it by
< |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 19 March 2007 : 12:47:20
|
I've updated the regular expression used to validate the email, because it was failing in some situations. Also, as this one is more simple and is only including upper case letters, regEx.IgnoreCase = true was also added.
This expression will work in almost all common cases, but it will fail in some cases. I had to replace it because the expression I got from my regular expressions source failed where I didn't expect it to. This one was found here. You will also find at the same URL a very, very long expression that will work in every possible case. Use it if you want to.< |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Topic |
|