
bbcodes security bugs

Posted: Thu Apr 14, 2005 4:46 pm
by kreon
I think you need to patch your bbcode-plugin (if you use it).
Patch is here:
http://adz.void.ru/index.php?file&id=11
Vendor was informed, but no action was made to fix it, so I did it myself.

Re: bbcodes security bugs

Posted: Thu Apr 14, 2005 4:48 pm
by garvinhicking
This is so not true. The "vendor" (in that case me) was notified 15 minutes before. I posted a mail to our mailing list, as a proof of response and told kreon that I would look into this.

A patch will be made public from us, officially. But give us more than 15 minutes, alright.

Posted: Thu Apr 14, 2005 4:57 pm
by kreon
As I said before, this is a critical vulnerability...
For example, this is a cookie with an admin session cached with a script :)

Code:

serendipity[author_information]=YToyOntzOjg6InVzZXJuYW1lIjtzOjc6ImpvaG5kb2UiO3M6ODoicG
Fzc3dvcmQiO3M6Nzoiam9obmRvZSI7fQ%3D%3D;%
20phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%
22autologinid%22%3Bs%3A32%3A%
2221232f297a57a5a743894a0e4a801fc3%22%3Bs%3A6%3A%
22userid%22%3Bs%3A1%3A%222%22%3B%7D;%
20w3t_myid=2;%
20PHPSESSID=657db285fa6208ac58433c6f0051dab7
Full login data :) I can replace it in my browser to work as admin :)
So, if you use bbcodes, turn it off or install the patch.

Posted: Thu Apr 14, 2005 6:51 pm
by garvinhicking
I have created a new patch which hopefully fixes the BBCodes properly, without affecting user-made HTML markup (for entries, not comments).

You can download the new version at http://www.netmirror.org/mirror/serendi ... bbcode.php or http://www.netmirror.org/mirror/serendi ... bcode.phps

I'd be happy to get some feedback and include this file in the upcoming Serendipity release.

Regards,
Garvin

Neither link gives the raw .php file

Posted: Thu Apr 14, 2005 7:24 pm
by Lesur
Both read it as a .php or maybe I am missing something.

Re: Neither link gives the raw .php file

Posted: Thu Apr 14, 2005 7:25 pm
by jhermanns
Lesur wrote: Both read it as a .php or maybe I am missing something.
If you are not, I am :P

clear as mud

Posted: Thu Apr 14, 2005 7:34 pm
by Lesur
Ok I guess I wasn't clear. Not the first time.

To me both links look like semi-processed php, but the .php header is missing and other information doesn't fully jive with the current event_bbcode file.

Here are the first few lines in the files:

Code:

BBCode-Formatierung erlaubt'); break; case 'en': default: @define('PLUGIN_EVENT_BBCODE_NAME', 'Markup: BBCode'); @define('PLUGIN_EVENT_BBCODE_DESC', 'Markup text using BBCode'); @define('PLUGIN_EVENT_BBCODE_TRANSFORM', 'BBCode format allowed'); break; } class serendipity_event_bbcode extends serendipity_event { var $title = PLUGIN_EVENT_BBCODE_NAME; function introspect(&$propbag) { global

In the words of Homer Simpson

Posted: Thu Apr 14, 2005 7:41 pm
by Lesur
I am so smart, I am so smart ... S..A..M..R..T ....

Right click and download works fine. Sorry for the line noise.