Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: hack0702.htm

phpBB2 2.0.8 privmsg.php SQL injection patch (critical).



phpBB2 2.0.8 privmsg.php SQL injection patch (critical).

Hey,

The below patch fixes the sql injection vulnerability
reported by Janek Vind "waraxe", in privmsg.php.

--
--- privmsg.php 2004-03-18 19:51:32.000000000 +0000
+++ privmsg.1.php       2004-03-26 19:51:07.000000000
+0000
@@ -212,7 +212,17 @@
                        break;
                case 'savebox':
                        $l_box_name =
$lang['Savebox'];
-                       $pm_sql_user .= "AND ( (
pm.privmsgs_to_userid = " . $userdata['user_id'] . "
+
+                       //
+                       // For some obscure reason,
the assignment
+                       // concatenation operator was
coded below, which
+                       // allowed an attacker to
append arbitrary SQL code
+                       // to the end of the
$pm_sql_user variable.
+                       // This is fixed below.
+                       //
+                       // -shaun2k2
+                       //
+                       $pm_sql_user = "AND ( (
pm.privmsgs_to_userid = " . $userdata['user_id'] . "
                                        AND
pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
                                OR (
pm.privmsgs_from_userid = " . $userdata['user_id'] . "
                                        AND
pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
--

Also available from:
http://www.nettwerked.co.uk/code/privmsg-sqlinj.patch 

It should be noted that, as Janek stated, this serious
SQL injection vulnerability exists in ALL versions of
phpBB2 - even the latest.

The patch is written for the latest version of phpBB2,
2.0.8, and it prevents the issue successfully.



Thank you for your time.
Shaun.


	
	
		
___________________________________________________________
WIN FREE WORLDWIDE FLIGHTS - nominate a cafe in the Yahoo! Mail Internet Cafe Awards  www.yahoo.co.uk/internetcafes 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH