Potential security issue with search

Post by psoTFX » Mon Nov 24, 2003 2:48 pm

We've been notified by Niels Teusink of a flaw in search.php. This can, under the right circumstances with certain server versions, be exploited to obtain password hashes. The chances of this being taken advantage of on a wide scale are slim. However, we recommend all existing users of phpBB 2.0.x make the (single line) change specified below.

We have now updated all archives (for 2.0.6) as made available on the download page here. Therefore all new installations and upgrades will be immune.

To fix this flaw please open search.php in any text editor. Find the following code (in the vanilla release of 2.0.6 this can be found around line 685):
Code:
      if ( intval($search_id) )
      {
         $sql = "SELECT search_array
            FROM " . SEARCH_TABLE . "
            WHERE search_id = $search_id 
               AND session_id = '". $userdata['session_id'] . "'";

Replace it with the following:
Code:
      $search_id = intval($search_id);
      if ( $search_id )
      {
         $sql = "SELECT search_array
            FROM " . SEARCH_TABLE . "
            WHERE search_id = $search_id 
               AND session_id = '". $userdata['session_id'] . "'";

Save and if necessary upload this copy to your webserver replacing your existing version.
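
Why the one-line change matters, as an added example that is not part of the original post or of phpBB: intval() returns the leading integer of a string, so the original test passes for a value like "12 followed by other text" while the untouched string is still interpolated into the query. The table name, session id, sample inputs and the helper search_id_is_numeric() are constructed for illustration; no database is contacted.

```php
<?php
// Added illustration, not phpBB code. SEARCH_TABLE and the session id are
// constructed stand-ins; only the query text is built and inspected.
define('SEARCH_TABLE', 'phpbb_search_results');

// Original logic: intval() is used only as a test, so the raw request
// string is what gets interpolated into the SQL.
function build_query_before($search_id, $session_id)
{
    if (intval($search_id)) {
        return "SELECT search_array FROM " . SEARCH_TABLE .
            " WHERE search_id = $search_id AND session_id = '" . $session_id . "'";
    }
    return null;
}

// Patched logic: the variable is overwritten with its integer value first,
// so only an integer can reach the SQL.
function build_query_after($search_id, $session_id)
{
    $search_id = intval($search_id);
    if ($search_id) {
        return "SELECT search_array FROM " . SEARCH_TABLE .
            " WHERE search_id = $search_id AND session_id = '" . $session_id . "'";
    }
    return null;
}

// Hypothetical helper: true when the search_id position holds only an integer.
function search_id_is_numeric($sql)
{
    return preg_match("/WHERE search_id = -?\d+ AND session_id = '/", $sql) === 1;
}

$session_id = 'constructed-session-id';
// Constructed inputs: a clean id, an id with trailing text, a non-numeric value.
$inputs = array('12', '12 trailing text that is not a number', 'abc');
$builders = array('before' => 'build_query_before', 'after' => 'build_query_after');

foreach ($inputs as $input) {
    foreach ($builders as $label => $fn) {
        $sql = $fn($input, $session_id);
        $state = ($sql === null) ? 'no query issued'
            : (search_id_is_numeric($sql) ? 'integer only' : 'RAW INPUT IN SQL');
        printf("%-6s input=%-42s %s\n", $label, var_export($input, true), $state);
    }
}
```

Only the second input differs between the two versions: the original code reports raw input in the SQL, while the patched code emits `search_id = 12`.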
