Potential security issue with search

psoTFX
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm

Post by psoTFX »

We've been notified by Niels Teusink of a flaw in search.php. This can, under the right circumstances and with certain server versions, be exploited to obtain password hashes. The chances of this being taken advantage of on a wide scale are slim. However, we recommend all existing users of phpBB 2.0.x make the (single line) change specified below.

We have now updated all archives (for 2.0.6) as made available on the download page here. Therefore all new installations and upgrades will be immune.

To fix this flaw please open search.php in any text editor. Find the following code (in the vanilla release of 2.0.6 this can be found around line 685):

		if ( intval($search_id) )
		{
			$sql = "SELECT search_array 
				FROM " . SEARCH_TABLE . " 
				WHERE search_id = $search_id  
					AND session_id = '". $userdata['session_id'] . "'";
Replace it with the following:

		$search_id = intval($search_id);
		if ( $search_id )
		{
			$sql = "SELECT search_array 
				FROM " . SEARCH_TABLE . " 
				WHERE search_id = $search_id  
					AND session_id = '". $userdata['session_id'] . "'";
Save the file and, if necessary, upload this copy to your webserver, replacing your existing version.
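To see what the one-line change actually does, here is an added example (not phpBB's own code) that builds the same SQL string both ways from the same input. The value of SEARCH_TABLE and the session id are assumed for illustration, and no database is touched.

```php
<?php
// Added example, not phpBB's code: models the two versions of the search.php
// condition from the announcement to show why the one-line change matters.
// The SQL is only built as a string here; nothing is executed.

define('SEARCH_TABLE', 'phpbb_search_results'); // assumed table name for illustration

// Before the fix: intval() is applied in the test only, so the raw,
// unfiltered value is what ends up inside the SQL string.
function build_query_vulnerable($search_id, array $userdata)
{
    if ( intval($search_id) )
    {
        return "SELECT search_array FROM " . SEARCH_TABLE .
               " WHERE search_id = $search_id" .
               " AND session_id = '" . $userdata['session_id'] . "'";
    }
    return null;
}

// After the fix: the coerced integer is written back into $search_id, so
// the value interpolated into the query can only ever be an integer.
function build_query_fixed($search_id, array $userdata)
{
    $search_id = intval($search_id);
    if ( $search_id )
    {
        return "SELECT search_array FROM " . SEARCH_TABLE .
               " WHERE search_id = $search_id" .
               " AND session_id = '" . $userdata['session_id'] . "'";
    }
    return null;
}

$userdata = array('session_id' => 'abc123'); // constructed sample session id
$inputs = array('42', '42 trailing text', 'abc'); // constructed sample inputs

foreach ($inputs as $raw) {
    echo "input: " . var_export($raw, true) . "\n";
    echo "  before: " . var_export(build_query_vulnerable($raw, $userdata), true) . "\n";
    echo "  after:  " . var_export(build_query_fixed($raw, $userdata), true) . "\n";
}
```

For `'42 trailing text'`, intval() returns 42 so the condition passes in both versions, but only the fixed version interpolates `42`; the unpatched version copies the whole string into the WHERE clause, which is the defect being closed.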
