CuteNews

> [BUG][EXPLOIT] Users.db.php in search
(lKj)
post Mar 14 2010, 02:50 PM
Post #1


Shoulders, toes and knees; I'm 36 degrees<3
***

Group: Support
Posts: 4,470
Joined: 4-December 06
From: CH
Member No.: 80,906



Name: Disclosure of user database in search.php
Reported by: Stephan (via e-mail)
Author of fix: (lKj)
CuteNews Compatibility: 1.3.6 - * (no incompatibility reported yet) and UTF-8 CuteNews 1 - 8b (downloaded prior to Mar 13th 2010)
Description: If search.php is included on a page where show_news.php or show_archives.php has already been included, the whole contents of the user database will be shown in the Author field.
This issue has been fixed in UTF-8 CuteNews 8b as of March 13th 2010. Users who already have UTF-8 CuteNews 8b installed only have to overwrite show_news.php, show_archives.php and search.php from the new .zip at the UTF-8 CN project page.

Instructions:
In show_news.php, find:
CODE
unset($static, $template, $requested_cats, $category, $catid, $cat,$reverse, $in_use, $archives_arr, $number, $no_prev, $no_next, $i, $showed, $prev, $used_archives);


Replace with:
CODE
unset($static, $template, $requested_cats, $category, $catid, $cat,$reverse, $in_use, $archives_arr, $number, $no_prev, $no_next, $i, $showed, $prev, $used_archives, $user);


In show_archives.php, find:
CODE
unset($template, $requested_cats, $reverse, $in_use, $archive, $archives_arr, $number, $no_prev, $no_next, $i, $showed, $prev, $used_archives);


Replace with:
CODE
unset($template, $requested_cats, $reverse, $in_use, $archive, $archives_arr, $number, $no_prev, $no_next, $i, $showed, $prev, $used_archives, $user);


If you are using CuteNews 1.4.6, find in search.php:
CODE
// Define Users
$all_users = file("$cutepath/data/users.db.php");

If you are using UTF-8 CuteNews, find:
CODE
$story = utf8_htmlentities($story);
$title = utf8_htmlentities($title);


Add below:
CODE
if(!isset($user) && isset($_GET['user'])){
$user = htmlentities($_GET['user']);
}


Upload those three files, check that the fix is successful and you're set :).


--------------------
If you have display problems, consider validating your website's HTML at http://validator.w3.org
I can give support in English, French, German, Dutch and some Spanish / Italian.
Personal website: http://korn19.ch
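
A static check for the three edits listed in the post above, added here as an example; it is not part of the original post or of CuteNews. The function names are made up for this example, and it assumes the three files sit in one directory and that the unset() line and the guard look like the text quoted in the post. It confirms the edits are present in the files, not how the pages behave when served.

```shell
#!/bin/sh
# Added example: verify the three CuteNews edits are present before upload.
# Usage (after sourcing this file): check_cutenews_fix /path/to/cutenews

# Succeeds if the clean-up unset() line in file $1 also unsets $user.
# The line is located by the $used_archives entry quoted in the post.
unset_has_user() {
    grep -E 'unset\(.*\$used_archives' "$1" 2>/dev/null |
        grep -Eq '\$user([^A-Za-z0-9_]|$)'
}

# Succeeds if search.php ($1) contains the guard that only reads
# $_GET['user'] when $user has not already been set by another include.
search_has_guard() {
    grep -Eq '!isset\(\$user\)[[:space:]]*&&[[:space:]]*isset\(\$_GET\[.user.\]\)' \
        "$1" 2>/dev/null
}

# Prints one status line per file; returns 0 only if all three pass.
# A missing file is reported the same way as an unpatched one.
check_cutenews_fix() {
    dir=$1
    rc=0
    for f in show_news.php show_archives.php; do
        if unset_has_user "$dir/$f"; then
            echo "OK      $f"
        else
            echo "MISSING $f: \$user not in unset() list"
            rc=1
        fi
    done
    if search_has_guard "$dir/search.php"; then
        echo "OK      search.php"
    else
        echo "MISSING search.php: isset(\$user) guard not found"
        rc=1
    fi
    return $rc
}
```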