Security Patch for PortailPHP 0.99
From: vALDEUx@aol.com
Date: 11/28/02
Date: Thu, 28 Nov 2002 12:50:50 -0500 From: vALDEUx@aol.com To: contact@securitybugware.org, bugtraq@securityfocus.com, claced@m6net.fr
PRODUCT : PORTAILPHP
http://www.yoopla.net/portailphp/
A nice PHP CMS
PROBLEM : XSS
SQL INJECTION
in /mod_search/index.php
read it for more details :)
SOLUTION : Download patch from http://www.phpsecure.org
or manually add these lines at the beginning of /mod_search/index.php :
/* XSS AND SQL HOLES PATCHED BY WWW.PHPSECURE.ORG */
$rech = str_replace("'",'',$rech); // strip single quotes from the search term (anti SQL injection)
$BD_Tab_docs = str_replace('`','',$BD_Tab_docs); // strip backticks from table names (same)
$BD_Tab_file = str_replace('`','',$BD_Tab_file); // same
$BD_Tab_liens = str_replace('`','',$BD_Tab_liens); // same
$BD_Tab_faq = str_replace('`','',$BD_Tab_faq); // same
$chemin = htmlentities($chemin); // HTML-encode before output (anti XSS)
$App_Theme = htmlentities($App_Theme); // same
$Rub_Search = htmlentities($Rub_Search); // same
$Rub_News = htmlentities($Rub_News); // same
$Rub_File = htmlentities($Rub_File); // same
$Rub_Liens = htmlentities($Rub_Liens); // same
$Rub_Faq = htmlentities($Rub_Faq); // same
/* END OF SECURITY PATCH */
or wait for an official release ... at your own risk.
CREDITS : http://www.phpsecure.org :)
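Added example (not from the advisory and not PortailPHP's own code): the same inputs the patch above handles, but with the search term bound as a parameter, table names checked against a fixed allowlist rather than having backticks stripped, and output encoded with htmlspecialchars. It assumes PHP with PDO and the sqlite driver; the schema and rows are constructed for the demo, and $rech / $BD_Tab_docs follow the variable names in the advisory.

```php
<?php
// Added example, not PortailPHP code: hardened handling of the inputs named in the patch.
declare(strict_types=1);

// Table names cannot be bound as query parameters, so they are validated
// against an allowlist (constructed here) instead of filtering out backticks.
const ALLOWED_TABLES = ['docs', 'files', 'links', 'faq'];

function safe_table(string $name): string {
    if (!in_array($name, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $name");
    }
    return '`' . $name . '`';
}

// The user term never becomes part of the SQL text: it is bound as data,
// so quotes in it are searched for literally. LIKE metacharacters are escaped too.
function search(PDO $db, string $table, string $rech): array {
    $pattern = '%' . addcslashes($rech, '%_\\') . '%';
    $sql = 'SELECT title FROM ' . safe_table($table) . " WHERE title LIKE :q ESCAPE '\\'";
    $stmt = $db->prepare($sql);
    $stmt->execute([':q' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output encoding for an HTML body or attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed in-memory database standing in for the CMS tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE docs (title TEXT)');
$db->exec("INSERT INTO docs VALUES ('Install guide'), ('User''s manual'), ('FAQ')");

// A term containing a single quote is matched as data and rendered encoded.
$BD_Tab_docs = 'docs';
$rech = "User's";
foreach (search($db, $BD_Tab_docs, $rech) as $title) {
    echo '<li>' . h($title) . "</li>\n";   // <li>User&#039;s manual</li>
}

// A table name outside the allowlist is rejected before any SQL is assembled.
try {
    search($db, 'archive', 'guide');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";           // unknown table: archive
}
```

The contrast with the patch is that parameter binding and an identifier allowlist remove the need to guess which characters to strip, whereas str_replace on quotes and backticks only blocks the specific characters it names.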