Full Disclosure mailing list archives
I have fixes for the Geeklog vulnerabilities
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Sun, 5 Oct 2003 21:00:30 +0200
Hi, Due to the completely incorrect treatment and work of the Geeklog development team , that they don't developed fixes for THEIR product which is used around the world by lots of users , i have fixes aka patches for the last Geeklog vulnerabilities. 1.Fix against Cross Site Scripting Attacks: Edit your index.php file of the html root of your geeklog installation: Go the first line , after <?php insert this code: - xss fix - // XSS Fix for Geeklog XSS Vulnerabilities // This will stop sql injection by filtering these characters: // ; - ' - ` - ´ - + // By Lorenzo Hernandez Garcia-Hierro foreach ($HTTP_GET_VARS as $secvalue) { if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*span*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*h1*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*table*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*pre*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*em*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*input*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*td*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*option*\"?[^>]*>", $secvalue)) || (eregi(";", $secvalue)) || (eregi("'", $secvalue)) || (eregi("´", $secvalue)) || (eregi("`", $secvalue)) || (eregi("+", $secvalue)) || (eregi("\"", $secvalue))) { die (";-) whereis lammer lammer: you"); } } -xss fix end - 2.- Patch against SQL Injection vulnerabilities: The xss fix is hybrid fix because you block ` ´ ' with it. Go the the dir of the geelog scripts ( not html dir , the classes and config dir ) and edit the script system/lib-database.php go to line 152,the code to edit is this: - function DB_query($sql, $ignore_errors=0) { global $_DB; return $_DB->dbQuery($sql,$ignore_errors); } - Let's modify it , replace with: - sql injections fix - // Geeklog SQL Injection prevention fix // by Lorenzo Hernandez Garcia-Hierro function DB_query($sql, $ignore_errors=1) { global $_DB; return $_DB->dbQuery($sql,$ignore_errors); } - end of fix - Thats all but if you want to have a strong sql injection and error control go to line 441 , you see: function DB_error() { global $_DB; return $_DB->dbError(); } you can edit the function to write the ip of the client that make the error and block it , more agressive technics are easy to code ;-) - thats all folks ! - NOTES: it is completely inapropiated and non professional to ignore security issues in a product like the actions of the Geeklog devel team. Take the example of the phpWebSite devel team , they patched phpWebSite in one day , adviced the community and make patches availables in one day , they are real geeks but they don't say it , regards to the phpWebSite dev team for their excellent and perfect daily work. - TO: - All the users of geeklog that were vulnerable before this NON-OFFICIAL patches. -- Regards, ------------------------------------------------------ Lorenzo Hernandez Garcia-Hierro --- Security Consultant --- ------------------NSRGroup------------------- PGP: Keyfingerprint D185 3555 8ECD 3921 6B21 ACC6 CEBB 2826 4B4C 283E ID: 0x4B4C283E Size: 4096 ********************************** NSRGroup ( No Secure Root Group Security Research Team ) / ( NovaPPC Security Research Group ) http://www.nsrg-security.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- I have fixes for the Geeklog vulnerabilities Lorenzo Hernandez Garcia-Hierro (Oct 05)
- Re: I have fixes for the Geeklog vulnerabilities Jouko Pynnonen (Oct 12)
- <Possible follow-ups>
- Re: I have fixes for the Geeklog vulnerabilities Dirk Haun (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities devnull (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities Michael Renzmann (Oct 05)
- Re: Re: I have fixes for the Geeklog vulnerabilities John Sage (Oct 06)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 06)
- Re: Re: I have fixes for the Geeklog vulnerabilities John Sage (Oct 09)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 09)
- Re: Re: I have fixes for the Geeklog vulnerabilities morning_wood (Oct 05)