New Security Bug Fix 13 March 2007 - نوشته شده در (18783 Views)
HuwR
Forum Admin
HuwR
مطلب: 20611
20611
this fix relates to http://secunia.com/advisories/24358/

in pop_profile.asp look for the following lines of code

parts = split(rs("M_MSN"),"@")

in a clean pop_profile this will be on line 334 and again on line 609
replace that line with the line below.
parts = split(ChkString(rs("M_MSN"), "display"),"@")

Alternatively you can just disable the MSN messanger link from the admin options<
 پیش‌فرض مرتب‌سازی برای تاریخ DESC به معنی جدیدترین است  
 تعداد در صفحه 
نوشته شده در
wildfiction
Junior Member
wildfiction
مطلب: 167
167
Thanks Huw!
I wanted to check to see if anybody had attempted to exploit this on any of my fora and so I ran the following SQL query:
select MEMBER_ID, M_MSN from FORUM_MEMBERS where M_MSN != '';
and then browsed the M_MSN field for script.
Was I looking in the right place? i.e. Is that where the script would have been placed?<
نوشته شده در
HuwR
Forum Admin
HuwR
مطلب: 20611
20611
yes, that is the correct field to look in<
نوشته شده در
Stefano Angaran
Starting Member
Stefano Angaran
مطلب: 1
1
Hi,
I founded this vulnerability and your solution doesn't really work, I could exploit it on my test site with no problems at all.
The single quotes are the real problem, using "display" only replaces double quotes and "plus" signs.
Bye

P.S.: also the vulnerability is found in pop_messengers.asp<
آخرین ویرایش توسط
نوشته شده در
SiSL
Average Member
SiSL
مطلب: 671
671
Hmm, hard to put replace(x,"'","''") thing?<
CHIP Online Forum
My Mods Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
نوشته شده در
HuwR
Forum Admin
HuwR
مطلب: 20611
20611
Originally posted by Stefano Angaran
Hi,
I founded this vulnerability and your solution doesn't really work, I could exploit it on my test site with no problems at all.
The single quotes are the real problem, using "display" only replaces double quotes and "plus" signs.
Bye

P.S.: also the vulnerability is found in pop_messengers.asp
perhaps in future you could follow the guidlines of secunia and inform us the developers of your findings rather than being a twat and making a public report about it.<
نوشته شده در
HuwR
Forum Admin
HuwR
مطلب: 20611
20611
I would advise users to disable MSN until we post a full fix.<
نوشته شده در
ruirib
Snitz Forums Admin
ruirib
مطلب: 26364
26364
The fix to this issue is to ensure that any data inserted into the MSN field is a valid email value. As such, here are the changes needed to properly validate the input to the MSN field.
1. register.asp
At approximately line#293, where you now have
Code:

                if strMSN = "1" and trim(Request.Form("MSN")) <> "" then
		   if EmailField(Request.Form("MSN")) = 0 then 
			Err_Msg = Err_Msg & "<li>You Must enter a valid MSN Messenger Username</li>"
		    end if
		end if


Replace it by

Code:

         if strMSN = "1" and trim(Request.Form("MSN")) <> "" then

            set regEx = New RegExp
	    regEx.Global = true
            regEx.IgnoreCase = true
	    regEx.Pattern =  "^[A-Z0-9._%-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4}$"
	    retVal = regEx.Test(Request.Form("MSN"))
	    If Not retVal Then
	       Err_Msg = Err_Msg & "<li>You Must enter a valid MSN Messenger Username</li>"
	    end if
	end if


2. Pop_profile.asp
Approximately at line# 1065 and line# 1386 (line# already including the first change), where you now have
Code:

             if strMSN = "1" and trim(Request.Form("MSN")) <> "" then
		if EmailField(Request.Form("MSN")) = 0 then 
		   Err_Msg = Err_Msg & "<li>You Must enter a valid MSN Messenger Username</li>"
		end if
	     end if
replace it by
Code:

          if strMSN = "1" and trim(Request.Form("MSN")) <> "" then

            set regEx = New RegExp
	    regEx.Global = true
            regEx.IgnoreCase = true
	    regEx.Pattern =  "^[A-Z0-9._%-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4}$"

	    retVal = regEx.Test(Request.Form("MSN"))
	    If Not retVal Then
		Err_Msg = Err_Msg & "<li>You Must enter a valid MSN Messenger Username</li>"
	    end if
	end if
<
Snitz 3.4 Readme | Like the support? Support Snitz too
نوشته شده در
ruirib
Snitz Forums Admin
ruirib
مطلب: 26364
26364
I've updated the regular expression used to validate the email, because it was failing in some situations. Also, as this one is more simple and is only including upper case letters, regEx.IgnoreCase = true was also added.
This expression will work in almost all common cases, but it will fail in some cases. I had to replace it because the expression I got from my regular expressions source failed where I didn't expect it to. This one was found here. You will also find at the same URL a very, very long expression that will work in every possible case. Use it if you want to.<
Snitz 3.4 Readme | Like the support? Support Snitz too
 
شما باید یک متن وارد کنید