CRITICAL: phpBB Search Exploit, Follow-up :: Archived

Trevor · Last edited by Trevor on Mon Mar 28, 2005 2:14 am; edited 1 time in total

editors note: Patches are available here!

CRITICAL SECURITY BULLETIN

Following my original post here regarding the recent phpBB search highlighting exploit, the phpBB Group has become aware that the exploit can be taken advantage of, in a serious way. This clearly contradicts what I said in my original post, but this IS serious folks. We cannot urge you strongly enough to apply the fix below. This fix does NOT pertain to CPG-Nuke 9, it is immune because of our new quote handling system.

Note: If you applied the earlier fix for .htaccess, keep it - it's a good security measure to take.

The Patch

Open up modules/Forums/viewtopic.php

Find on line ~514:

PHP:

$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

Replace with:

PHP:

$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

Note: If you see a <?php in the above code snippets, ignore it - it's a bug that we are trying to trace.

If you prefer to upload a patched copy of the file, you will find it below...

Please do take this seriousely, this is a critical issue. Spread the word to as many people as you possibly can that are using CPG-Nuke!

As always, thank you for your continued support of CPG-Nuke.

External Links

NEMINI · Diamond Supporter Offline Joined: Apr 22, 2004 Posts: 4551

may I suggest a notice on the front page and perhaps a newsletter go out ... similar to when the coppermine exploit was found. If these are already in the works feels free to ignore this post.

Trevor

Good idea, we'll work on that

Jeruvy

Yes, this exploit has several PoC's circulating the net one has been available for over a week, so the SK's will be out active this weekend for sure.

All 8.1.1 and 8.2a and 8.2b users are advised to upgrade immediately.

tuta

It seems that this fix disable's the [img] tag handling in signatures. Is that right?

(just checking)

Wide

Thank you Trevor.

For critical updates may I suggest a group hug, I mean email Embarassed

Have a great evening Big grin

THiNKFiRE · Silver Supporter Offline Joined: Sep 09, 2004 Posts: 130

tuta wrote:

It seems that this fix disable's the [img] tag handling in signatures. Is that right?

(just checking)

Mine are working fine with that fix...

djdevon3 · Gold Supporter Offline Joined: Aug 05, 2004 Posts: 4363

mine work fine as well. secured 4 sites in 2 minutes. Smile

i didn't catch the news yesterday because all new news is far down on the index page. the top is full of stuff i've been seeing for weeks so i skip over it. not good Sad

tuta

ok -- sorry -- it was a problem with imageshack (which I use for most of my images on forums and such so as to not eat my own bandwidth).

winglet

Jeruvy wrote:

Yes, this exploit has several PoC's circulating the net one has been available for over a week, so the SK's will be out active this weekend for sure.

All 8.1.1 and 8.2a and 8.2b users are advised to upgrade immediately.

Forgive me,

"PoC's" and "SK's"? Not familiar with the terms although can infer they are bad little people intent on harm to the good, innocent folk of CPG-Nuke!

Smile

djdevon3 · Gold Supporter Offline Joined: Aug 05, 2004 Posts: 4363

POC means Port of Call. It's a nautical term but I don't think that's what he means. I've never heard of those two term's either. Rest assured whatever they are, they aren't good people.