You are not logged in. Please login or register.
Active topics Unanswered topics
Search options
Again we:) Pch-team (Russians forever)
Warning: low
is the content of the error: Incorrect checking of the key of activation in script profile.php.
This script can produce aktivitsiyu of acounts of user according to the reference, which comes to (e-mail), which the user with the registration indicates.
Usually this reference appears as follows: http://<path_to_forum>/profile.php?action=change_pass&id=5&key=1234567 Where id - this the identifier of user, and key - key of activation. After indicating id user (desirably existing), its current password there will be to udalen(t.e. password=NULL).Thus on the vulnerable forum it is possible to remove in all users passwords, which will deprive of their access to its akkauntu on the forum.To pass authorization with the empty password not to come out, since it peredpolagayetsya that the password not will be and it cannot be ever empty!!!
Example of eksploita:
http://<path_to_forum>/profile.php?action=change_pass&id=2&key=
In this case the password of a user with ID=2 will be deleted 2. It is also required that all cookies of a browser are deleted. 3. If you are redirected to the main page, try to clear the history of your browser. 4. There is no official patch for this bug at the moment. You can fix the bug manually. Change the string 61 in profile.php file to the following:
if ( ($key != $new_password_key) || (empty($key)) )
Link on PCH-TEAM Forevers
and sorry for my English
Òåìà: Bug in PunBB 1.2.3 forum (Activation Key)
Îïàñòíîñòü: íèçêàÿ
Ñîäåðæàíèå îøèáêè:
Íåêîððåêòíàÿ ïðîâåðêà êëþ÷à àêòèâàöèè â ñêðèïòå profile.php.
Äàííûé ñêðèïò ìîæåò ïðîèçâîäèòü àêòèâèöèþ àêêàóíòà ïîëüçîâàòåëÿ ïî ññûëêå,
êîòîðàÿ ïðèõîäèò íà ÿùèê(e-mail), êîòîðûé óêàçûâàåò ïîëüçîâàòåëü ïðè ðåãèñòðàöèè.
Îáû÷íî òàêàÿ ññûëêà âûãëÿäèò òàê:
http://<path_to_forum>/profile.php?action=change_pass&id=5&key=1234567
Ãäå id - ýòî èäåíòèôèêàòîð ïîëüçîâàòåëÿ, à key - êëþ÷ àêòèâàöèè.
Óêàçàâ id ïîëüçîâàòåëÿ (æåëàòåëüíî ñóùåñòâóþùåãî), åãî òåêóùèé ïàðîëü áóäåò
óäàëåí(ò.å. password=NULL). Òàêèì îáðàçîì íà óÿçâèìîì ôîðóìå âîçìîæíî óäàëèòü ó
âñåõ ïîëüçîâàòåëåé ïàðîëè, ÷òî ëèøèò èõ äîñòóïà ê ñâîåìó àêêàóíòó íà ôîðóìå.
Ïðîéòè àâòîðèçàöèþ ñ ïóñòûì ïàðîëåì íå ïîëó÷èòüñÿ,òàê êàê ïåðåäïîëàãàåòñÿ,
÷òî ïàðîëü íå áóäåò è íå ìîæåò áûòü íèêîãäà ïóñòûì!!!
Ïðèìåð ýêñïëîèòà:
http://<path_to_forum>/profile.php?action=change_pass&id=2&key=
 äàííîì ñëó÷àå ïàðîëü áóäåò "çàòåðò" ó ïîëüçîâàòåëÿ ñ èäåíòèôèêàòîðîì id=2
!!!Òàê æå òðåáóåòñÿ ÷òîáû âñå êóêèñû öåëåâîãî óÿçâèìîãî ôîðóìà áûëè óäàëåíû!!!
!!!Åñëè âàñ ðåäèðåêòèò íà ãëàâíóþ ñòðàíèöó ïîïðîáóéòå î÷èñòèòü âåñü õèñòîðè áðàóçåðà!!!
Îôèöèàëüíîãî óñòðàíåíèÿ óÿçâèìîñòè íà äàííûé ìîìåíò íåò.
Ìîæåòå èñïðàâèòü äàííûé áàã âðó÷íóþ.
èñïðàâüòå ñòðîêó 61 â ôàéëå profile.php íà ñëåäóþùóþ ñòðîêó:
if ( ($key != $new_password_key) || (empty($key)) )
Today our group PcH-team (www.pch-team.com) found vulnerability in forum punBB 1.2.3 this vulnerability it reveals the way of installation it leads to the the possible SQL- inj.
Only to administrators or to the moderators of forum.Vulnerability appears as a result of the error in the code of file moderate.php demand of the type
http://site.com/punbb/moderate.php?.get_.host=2 '
it brings in to the disclosure of the way of installation and SQL- inj.
the error of the form:
Warning: gethostbyaddr(): Address is not a valid IPv4 or IPv6 address in /.yuome/site.chom/domains/sitechom /.publich_.yutml/punbb/moderate.php on line 53
elimination of this vulnerability is the following:
message('The IP address is: '.$ip.'<br />The host name is: '.gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
on:
message('The IP address is: '.$ip.'<br />The host name is: '.@gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
The reference on www.pch-team.com IS REQUIRED with the publication.
Thanks.
Ñåãîäíÿ íàøåé ãðóïïîé PCH-team (www.pch-team.com) áûëà íàéäåíà óÿçâèìîñòü â ôîðóìå punBB 1.2.3
Äàííàÿ óÿçâèìîñòü ðàñêðûâàåò ïóòü óñòàíîâêè è ïðèâîäèò ê âîçìîæíîé SQL-inj
Òîëüêî àäìèíèñòðàòîðàì èëè ìîäåðàòîðàì ôîðóìà.
Óÿçâèìîñòü âîçíèêàåò èç-çà îøèáêè â êîäå ôàéëà moderate.php
Çàïðîñ òèïà http://site.com/punbb/moderate.php?get_host=2' ïðèâîäèò â ðàñêðûòèþ ïóòè óñòàíîâêè è SQL-inj
Îøèáêà âèäà :
Warning: gethostbyaddr(): Address is not a valid IPv4 or IPv6 address in /home/site.com/domains/sitecom /public_html/punbb/moderate.php on line 53
Óñòðàíåíèå äàííîé óÿçâèìîñòè ñëåäóþùåå:
 ôàéëå moderate.php èñïðàâèòü 53 ñòðîêó âèäà:
message('The IP address is: '.$ip.'<br />The host name is: '.gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
íà:
message('The IP address is: '.$ip.'<br />The host name is: '.@gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>');
Ïðè ïóáëèêàöèè ññûëêà íà www.pch-team.com ÎÁßÇÀÒÅËÜÍÀ.
Ñïàñèáî.
??? ?????????? ???????? ???????? poster_id ?? ??????? punbb_posts
? ?????? ?? ? ?????????? ??? ??? ??????? ?
?????? ???? $poster_id=$db->query("SELECT * FROM punbb_posts WHERE poster_id "); ????????? sad
?????????? ? ??????? ? ?? ?????
??? ????? ?????? ????????? ?????? ?? ?????? punbb. ????? ????? ?? http://punres.org/files.php/ ??? ????? ????? ?? ?
Posts found: 6