Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sitex multiple vulnerabilities

From: Lostmon () gmail com
Date: 14 Apr 2007 18:34:24 -0000
Hello !

Original article:http://lostmon.blogspot.com/2007/04/posible-patch-for-sitex.html
vendor url: http://sitex.bjsintay.com/

osvdb id:33158,33159,33160,33161
http://archives.neohapsis.com/archives/bugtraq/2007-02/0477.html
http://www.securityfocus.com/archive/1/archive/1/461305/100/0/threaded
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1234

after study this vulns i found a simple posible patch :

some others params are afected like albumid upon submit to albun.php
username box upon submision to login.php , and multiple others params. 

the most of those flaws could be solve by a simple patch for "emergency" before the vendor 
release a update or a patch 

open includes/functions.php

arround line 12-13 we have this code

// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = - 

// Convert post, get, and server variables for shorthand use and
// register globals compatibility

if (!empty($_POST))     foreach ($_POST as $k => $v)    $$k = $v;
if (!empty($_GET))              foreach ($_GET as $k => $v)     $$k = $v;
if (!empty($_SERVER))   foreach ($_SERVER as $k => $v)  $$k = $v;
if (!empty($_COOKIE))   foreach ($_COOKIE as $k => $v)  $$k = $v;
if (!empty($_SESSION))  foreach ($_SESSION as $k => $v) $$k = $v;

// Prevent PHP include vulnerability, initialize important vars, will be over-written
#################################################################


you can change for this other :

################################################################
// stop XSS  function to mitigate the posible XSS flaws
//use StopXSS(param or function)

function StopXSS($text){

$text = preg_replace("/(\<script)(.*?)(script>)/si", "", "$text");
$text = strip_tags($text);
$text = str_replace(array("'","\"",">","<","\\"), "", $text);
return $text;

}

// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = - 

// Convert post, get, and server variables for shorthand use and
// register globals compatibility

if (!empty($_POST))     foreach ($_POST as $k => $v)    $$k = StopXSS($v);
if (!empty($_GET))              foreach ($_GET as $k => $v)     $$k = StopXSS($v);
if (!empty($_SERVER))   foreach ($_SERVER as $k => $v)  $$k = StopXSS($v);
if (!empty($_COOKIE))   foreach ($_COOKIE as $k => $v)  $$k = StopXSS($v);
if (!empty($_SESSION))  foreach ($_SESSION as $k => $v) $$k = StopXSS($v);

// Prevent PHP include vulnerability, initialize important vars, will be over-written

#####################################################################

and the most of xss flaws now are solved :D

Thnx for your time !!!

Thnx to OSVDB !!!

-- 
atentamente:
Lostmon (lostmon () gmail com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Previous By Date Next
Previous By Thread Next

Current thread: