Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Do not use the fix in lib-common.php . use in lib-security.php at /system/ dir

From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Sun, 5 Oct 2003 22:08:00 +0200
If you use the fix in your lib-common.php you will damage your geeklog
installation.
Use instead in lib-security.php ;-) at the [your geeklog core files , not
html]/system
Include the fix  after <?php tag.
----- THE FIX ----
foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*span*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*h1*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*table*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*pre*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*em*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*input*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*td*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*option*\"?[^>]*>", $secvalue)) ||
 (eregi(";", $secvalue)) ||
 (eregi("'", $secvalue)) ||
 (eregi("ยด", $secvalue)) ||
 (eregi("`", $secvalue)) ||
(eregi("+", $secvalue)) ||
 (eregi("\"", $secvalue))) {
 die (";-) whereis lammer lammer: you");
    }
}
----- <<EOF -----

The advantage of this method is that all files of geeklog are using
lib-common.php and the lib-common.php script includes the code of
lib-security.php , al the things can be controlled by one script , thi is
more easy than edit all the independant files of the html dir and include
the fix.
Enjoy !
Regards,
------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
---       Security Consultant           ---
------------------NSRGroup-------------------
PGP: Keyfingerprint
D185 3555 8ECD 3921 6B21  ACC6 CEBB 2826 4B4C 283E
ID: 0x4B4C283E
Size: 4096
**********************************
NSRGroup
( No Secure Root Group Security Research Team ) /
( NovaPPC Security Research Group )
http://www.nsrg-security.com
______________________


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: