styles_admin potential vulnerability
Post by psoTFX » Thu Jun 26, 2003 12:21 am

Our hearty (non) thanks to the person who released this information without bothering to contact us first (he even boasts about not informing us).

There is a potential vulnerability in admin/admin_styles.php ... while it cannot (directly) lead to damage to your board, it may allow people to access other files on the operating system. Therefore you are advised to modify the file as follows:

Find:

Code:

//
// Load default header
//
//
// Check if the user has cancled a confirmation message.
//
$phpbb_root_path = "./../";

$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;

if (empty($HTTP_POST_VARS['send_file']))
{
	$no_page_header = ( $cancel ) ? TRUE : FALSE;
	require($phpbb_root_path . 'extension.inc');
	require('./pagestart.' . $phpEx);
}

if ($cancel)
{
	redirect('admin/' . append_sid("admin_styles.$phpEx", true));
}
Replace with:

Code:

//
// Load default header
//
//
// Check if the user has cancled a confirmation message.
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');

$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;

$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;

require('./pagestart.' . $phpEx);

if ($cancel)
{
	redirect('admin/' . append_sid("admin_styles.$phpEx", true));
}
Feel free to let the person know how you feel about releasing vulnerability information without informing us first ... you'll find links on the securityfocus.com release:

http://www.securityfocus.com/bid/7932/credit/
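Comparing the two blocks, the change is in ordering: the patched version requires extension.inc unconditionally, on the line directly after $phpbb_root_path is set, whereas the original only required it inside the "if (empty($HTTP_POST_VARS['send_file']))" block, so a request carrying send_file skipped it and left $phpEx undefined (or, with register_globals enabled, whatever the request supplied) before the rest of the script ran. The script below is an added example, not part of psoTFX's post or of phpBB: it checks a copy of admin_styles.php for that patched ordering so an administrator can tell whether the edit has already been applied. The file contents it writes are constructed miniatures of the "Find:" and "Replace with:" blocks above, and the file names and function names are assumptions for demonstration.

```shell
#!/bin/sh
# Added example (not from the phpBB announcement): detect whether a copy of
# admin/admin_styles.php carries the fix described above. The fix's visible
# signature is that extension.inc is required unconditionally on the first
# non-blank line after the $phpbb_root_path assignment, instead of only inside
# the send_file branch. File names and function names are assumptions.

# is_patched FILE
# Exit status 0 when the first non-blank line after the $phpbb_root_path
# assignment is the unconditional require of extension.inc, 1 otherwise
# (including when no $phpbb_root_path assignment is found at all).
is_patched() {
    awk '
        BEGIN { state = 0 }
        state == 0 && /^[ \t]*\$phpbb_root_path[ \t]*=/ { state = 1; next }
        state == 1 && /^[ \t]*$/                         { next }
        state == 1 {
            state = ($0 ~ /^[ \t]*require\(\$phpbb_root_path \. .extension\.inc.\);/) ? 2 : 3
        }
        END { exit (state == 2 ? 0 : 1) }
    ' "$1"
}

# Constructed miniature of the unpatched header (the "Find:" block):
# extension.inc is only required when send_file is empty.
sample_unpatched() {
    cat <<'EOF'
<?php
$phpbb_root_path = "./../";

$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
if (empty($HTTP_POST_VARS['send_file']))
{
    require($phpbb_root_path . 'extension.inc');
    require('./pagestart.' . $phpEx);
}
EOF
}

# Constructed miniature of the patched header (the "Replace with:" block):
# extension.inc is required before anything else runs.
sample_patched() {
    cat <<'EOF'
<?php
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');

$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
require('./pagestart.' . $phpEx);
EOF
}

# check_status FILE: prints a one-line verdict and returns is_patched's status.
check_status() {
    if is_patched "$1"; then
        echo "$1: patched (extension.inc required unconditionally)"
        return 0
    else
        echo "$1: NOT patched - apply the edit from the announcement"
        return 1
    fi
}

# Demonstration against the two constructed files; on a real board you would
# run: check_status /path/to/phpBB2/admin/admin_styles.php
demo() {
    dir=$(mktemp -d)
    sample_unpatched > "$dir/admin_styles.before.php"
    sample_patched   > "$dir/admin_styles.after.php"
    check_status "$dir/admin_styles.before.php" || true
    check_status "$dir/admin_styles.after.php"  || true
    rm -rf "$dir"
}
demo
```

The check deliberately keys on the line immediately following the $phpbb_root_path assignment rather than on the mere presence of a require of extension.inc, because the unpatched file also contains that require, just inside the conditional block.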
