Finally phpBB 2.0.17 is out!
Posted: Wed Jul 20, 2005 5:38 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Here is the info:

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=308490

Code:

Hi everyone,

phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release addresses several bugfixes and some low security issues as well as the recently seemingly wide-spread XSS issue (only affecting Internet Explorer).

Please have a look down this announcement for the code changes necessary to fix the XSS issue, we are again astounded about the energy people put into finding the smallest issue in phpBB 2.0.x, those must have a lot of time available. But on the other hand it is always increasing the product's security since we do not introduce new features into the 2.0.x codebase.

With this announcement I want to give you some more information regarding phpBB's security. psoTFX (Paul S. Owen, Project Manager) initiated and brought forward the idea and concept of a complete security audit of the 2.0.x codebase. We introduced some top-notch security people, phpBB-Modders and very talented people from our teams to participate in this audit. We intend to implement the changes necessary - and also fixing the found issues, hopefully giving the now very aged codebase (it is still on a technical level from three years ago) a lift and bringing it up-to-date with security mechanisms and techniques which are common nowadays.

We also intend to open our private bugtracker system to the public for reporting 2.0.x bugs within the next days.

As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page. As per usual three packages are available to simplify your update.




Full Package
Contains entire phpBB2 source and English language package

Changed Files Only
Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release

Patch Files
Contains patch compatible patches from the previous versions of phpBB.



As always, our Code Changes Tutorial is available too for those with heavily modded boards.
It can be downloaded from this location.

Select whichever package is most suitable for you.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!

What has changed in this release?

The changelog (contained within this release) is as follows:




Added extra checks to the deletion code in privmsg.php - reported by party_fan

Fixed XSS issue in IE using the url BBCode

Fixed admin activation so that you must have administrator rights to activate accounts in this mode - reported by ieure

Fixed get_username returning wrong row for usernames beginning with numerics - reported by Ptirhiik

Pass username through phpbb_clean_username within validate_username function - AnthraX101

Fixed PHP error in message_die function

Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php - reported by Double_J

Also fixed above issue in usercp_viewprofile.php

Fixed incorrect setting of user_level on pending members if a group is granted moderator rights - reported by halochat

Fixed ordering of forums on admin_ug_auth.php to be consistent with other pages

Correctly set username on posts when deleting a user from the admin panel




Code changes to fix the XSS issue

Open includes/bbcode.php

Find (around Line 203):
Code:

$patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];

// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];

// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];

// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";



Replace with:
Code:

$patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];

// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];

// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];

// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is";



Find (around Line 627):
Code:

$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);

// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);



Replace with:
Code:

$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);

// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);




the phpBB Group


Well, I think that phpBB developers are underestimating the seriousness of this bug ;)
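
The difference between the old and new URL character classes in the code changes quoted above, as an added PHP example that is not part of the original post or of phpBB: it lists the printable ASCII characters that the 2.0.17 allow-list stops accepting, then runs the `[url]` pattern from around line 203 against constructed sample URLs. The constant and function names are assumptions of this example.

```php
<?php
// Added example, not phpBB code. The two character classes are copied from the
// "Find" and "Replace with" blocks of the announcement; all names are hypothetical.

// Before 2.0.17: deny-list, a URL may contain anything except these six characters.
const OLD_CLASS = "[^ \"\n\r\t<]";
// 2.0.17: allow-list, a URL may contain only word characters and this punctuation.
const NEW_CLASS = "[\w\#$%&~/.\-;:=,?@\[\]+]";

// True if the character class accepts the single character $ch.
function class_accepts(string $class, string $ch): bool
{
    return preg_match('#^' . $class . '$#sD', $ch) === 1;
}

// Printable ASCII characters the old class accepted and the new one rejects.
function newly_rejected(): array
{
    $out = [];
    for ($b = 0x21; $b <= 0x7e; $b++) {
        $ch = chr($b);
        if (class_accepts(OLD_CLASS, $ch) && !class_accepts(NEW_CLASS, $ch)) {
            $out[] = $ch;
        }
    }
    return $out;
}

// True if "[url]...[/url]" around $url is still turned into a link.
function url_tag_matches(string $class, string $url): bool
{
    $pattern = "#\[url\]([\w]+?://" . $class . "*?)\[/url\]#is";
    return preg_match($pattern, '[url]' . $url . '[/url]') === 1;
}

echo 'Newly rejected: ', implode(' ', newly_rejected()), "\n";

// Constructed sample URLs (example.com is a placeholder host).
$samples = [
    'http://example.com/viewtopic.php?f=14&t=308490',
    'http://example.com/wiki/Foo_(bar)',
    "http://example.com/it's",
];
foreach ($samples as $url) {
    printf("%-48s old=%s new=%s\n", $url,
        url_tag_matches(OLD_CLASS, $url) ? 'link' : 'text',
        url_tag_matches(NEW_CLASS, $url) ? 'link' : 'text');
}
```

The allow-list also drops characters such as parentheses and the apostrophe, so some legitimate URLs that contain them are no longer converted into links after the change.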
Posted: Wed Jul 20, 2005 5:56 pm
g30rg3_x
Active user
Joined: Jan 23, 2005
Posts: 31
Location: OutSide Of The PE

It was already the hour for an official patch, Waraxe!

If you pay attention, the patch for bbcode seems much like your unofficial patch...

Greetings
Posted: Wed Jul 20, 2005 6:51 pm
Unicorn
Regular user
Joined: Jul 17, 2005
Posts: 14

any xploitz?