Re: PHP-Nuke <= 8.0 Cookie Manipulation (lang)

---

• From: Paul Laudanski <paul@xxxxxxxxxxxxxx>
• Date: Sun, 11 Mar 2007 15:50:09 -0400

---

programmer@xxxxxxxxxxxxxxx wrote:

Patch:

} elseif (isset($lang)) {
if (eregi('[A-Za-z]', $lang)) {
if (file_exists("language/lang-".$lang.".php")) {
include_once("language/lang-".$lang.".php");
$currentlang = $lang;
}else {
include_once("language/lang-english.php");
$currentlang = "english";
} }else {
include_once("language/lang-english.php");
$currentlang = "english";
}
} else {

/////////////////////////////////////////////////////////////////////////////////////////////////
Best Regards
Aleksandar
Programmer and Web Developer
///////////////////////////////////////////////////////////////////////////////////////////////

Building on your patch you'd want to incorporate basename(). You never want to accept directory traversal attempts into variables.

Paul Laudanski, CastleCops
http://www.linkedin.com/pub/1/49a/17b
Submit Phish: www.castlecops.com/pirt
www.castlecops.com | de.castlecops.com | wiki.castlecops.com

---

• References:
  • PHP-Nuke <= 8.0 Cookie Manipulation (lang)
    • From: programmer

• Prev by Date: RIM BlackBerry Pearl 8100 Browser DoS
• Next by Date: [security bulletin] HPSBUX02196 SSRT071318 rev.2 - HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code
• Previous by thread: PHP-Nuke <= 8.0 Cookie Manipulation (lang)
• Next by thread: Remote File Include In Script Premod SubDog 2
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [PATCH 2/3] PCI: Add ability to rescan PCI busses ... I will definitely take some ideas from this patch and incorporate ... trigger a rescan of all PCI busses. ... Above is already a separate patch in my series. ... (Linux-Kernel) Re: BUG: The key "/ ?" on my abtn2 keyboard is dead with kernel 2.6.1 ... I'm also showing clashes with the below patch, so please incorporate ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: rfc: rewrite commit subject line for subsystem maintainer preference tool ... Subject: [PATCH] $(basename $(dirname $file)): commit desc... ... (Linux-Kernel) Re: Request for FreeBSD 4.9-RELEASE: PLEASE include this patch to BIND and turn it on by default ... > defeats Verisign's TLD wildcards. ... Please incorporate this patch into the ... > version of BIND that ships with FreeBSD 4.9-RELEASE. ... Please do NOT incorporate it. ... (freebsd-stable) Re: Solaris 8 Password Aging not working with pre-complied OpenSSH from Sunfreeware.com ... > I'm not aware of any pre-compiled packages for Solaris that incorporate ... > the patch. ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2007-03