From: Matthew M. <ma...@tu...> - 2006-03-27 21:07:41
To tell the truth, I am not sure there is a security risk. Here is the warning (thanks Kenneth):

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1330

Of course the details of the hack are not listed, nor has anyone contacted us about it, but recently they have appeared on security lists. Heck, I don't even know what 'friends.php' is. Here is article.php:

    if ($_REQUEST['sid']) {
        $sid = $_REQUEST['sid'];   // legacy article id taken from the request
        $module = 'announce';      // hand the request off to the announce module
    }
    include('mod.php');

OK, so it changes the $sid to a global variable $sid. Look at mod.php. I won't cut and paste, but basically the $module variable goes into a switch. Nothing is run through the database. It goes into the announce case and builds a new address. The old id is compared to its upgrade array and the new id is added to the address. Finally the new address is sent to the header function and the browser is sent to the new URL. If the $sid variable had some db injection in it, it should get cleaned out on the reroute by the Announce module.

Now there may be something I am missing, but so far I don't see any possible hack. Just to be sure though, I put up a notice to just delete those files.

Matt

On Mon, 2006-03-27 at 09:29 -0500, Verdon Vaillancourt wrote:
> I had a couple questions about the recent security warning in regards
> to article.php and friend.php.
>
> 1) article.php is still in the .10.2 distro... just trash it?
>
> 2) what sort of risk are these files? I still have a few sites running
> .8.x code with both these files. These sites are unlikely to be updated
> in the near future. Does the risk extend beyond the individual site, or
> is it a larger risk to the server?
>
> Thanks,
> verdon
>
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu
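An added example, not phpWebSite's own code and not from either poster: a reconstruction of the article.php -> mod.php "announce" redirect flow Matt describes, written with the input check a reviewer would want to confirm is actually present in mod.php. Matt's reasoning rests on the old id being used only as a lookup into the upgrade array, so the example makes that explicit and rejects anything that is not a known integer id before it can reach the Location header. The function name announce_redirect, the $upgradeMap contents, the redirect URL format and the sample inputs are all assumptions constructed for the illustration; the real mod.php should be read to confirm whether the old id is used only as an array key (as here) or is ever interpolated into a query or the redirect address unvalidated.

```php
<?php
// Added example (not phpWebSite's code). Reconstructs the article.php ->
// mod.php 'announce' redirect described in the thread, with the validation
// a reviewer would expect. All identifiers below are assumptions.

// Constructed stand-in for the module's "upgrade array":
// old announcement id => new id.
$upgradeMap = [
    1 => 101,
    2 => 102,
    7 => 110,
];

/**
 * Build the redirect target for a legacy sid.
 *
 * Returns null when $rawSid is not a known legacy id, so the caller can
 * answer 404 instead of redirecting with request-controlled data.
 */
function announce_redirect(string $rawSid, array $map): ?string
{
    // Accept only a plain decimal integer; everything else is rejected
    // before it can be used as a key or appear in a URL.
    if (!preg_match('/^[0-9]{1,10}$/', $rawSid)) {
        return null;
    }
    $oldId = (int) $rawSid;
    if (!isset($map[$oldId])) {
        return null;
    }
    // Only the looked-up value reaches the address, never the request string.
    // The URL layout is an assumption, not the project's real format.
    return 'index.php?module=announce&id=' . $map[$oldId];
}

// Constructed inputs: one legitimate id and three that must be refused.
$inputs = [
    '7',                                    // legitimate legacy id
    "7' OR '1'='1",                         // SQL-injection style payload
    "7\r\nLocation: http://evil.example/",  // CRLF aimed at the header
    '9999',                                 // well-formed but unknown id
];

foreach ($inputs as $sid) {
    $target = announce_redirect($sid, $upgradeMap);
    echo var_export($sid, true), ' => ', var_export($target, true), "\n";
}

// How article.php would use it (not executed here):
// $target = announce_redirect($_REQUEST['sid'] ?? '', $upgradeMap);
// if ($target === null) { http_response_code(404); exit; }
// header('Location: ' . $target);
// exit;
```

Run with `php example.php`: only '7' produces a target ('index.php?module=announce&id=110'); the other three return null. The point of the whitelist regex plus isset() is that the request value is never compared, concatenated or queried as a string at all, which is the property Matt's "it should get cleaned out on the reroute" argument depends on.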