Apr 28 2009, 05:01 PM
Name: ipban exploit fix
Author: FI-DD
CuteNews Compatibility: 1.3.6 - * (no incompatibility reported yet)

Description:
Notes by FUNimations: There seems to be an exploit in CuteNews that can only be abused by admin users. Though I don't understand how this exploit works, FI-DD believes that the following should fix the problem.
(lKj): This flaw (among others) is already fixed in UTF-8 CuteNews. No altering files necessary!

Discussion Topic:

Instructions:
In inc/ipban.mdu find this:

CODE
if(!$add_ip){ msg("error","Error !!!","The IP can not be blank", "$PHP_SELF?mod=ipban"); }

and add below:

CODE
// Reject anything that is not four dot-separated parts of 1-3 digits or "*".
elseif(!preg_match("/^[0-9*]{1,3}\.[0-9*]{1,3}\.[0-9*]{1,3}\.[0-9*]{1,3}$/", $add_ip)){
    die("That's not a valid IP.");
}

--------------------
Cutenews + MySQL
My hacks: Calendar Advanced Pagination Search Pagination Live Search Mod_rewrite/Search engine friendly urls Comment preview hack Upload files hack Spam protection with image confirmation code (captcha) Advanced images/thumbnails hack Newsletter hack News preview hack Quick tags hack Unarchive hack for CN 1.3.6
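
The check added by the fix above, run over a few constructed inputs to show what the posted pattern accepts and rejects. This is an added example, not code from the post or from CuteNews; `posted_check()`, `strict_check()` and the sample values are hypothetical, and the stricter variant assumes a `*` is meant to stand for a whole part of the address.

```php
<?php
// Added example, not CuteNews code. All sample inputs are constructed.

// Pattern exactly as given in the post's fix.
const POSTED_PATTERN = "/^[0-9*]{1,3}\.[0-9*]{1,3}\.[0-9*]{1,3}\.[0-9*]{1,3}$/";

// The validation the post adds to inc/ipban.mdu, wrapped in a function.
function posted_check(string $ip): bool
{
    return preg_match(POSTED_PATTERN, $ip) === 1;
}

// Hypothetical stricter check (assumption, not from the post): each part is
// either a lone "*" or a decimal octet 0-255, and \A ... \z anchor at the
// true start and end of the string instead of ^ ... $.
function strict_check(string $ip): bool
{
    $octet = '(?:\*|25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])';
    return preg_match('/\A' . $octet . '(?:\.' . $octet . '){3}\z/', $ip) === 1;
}

$samples = [
    "192.168.1.10",  // plain address
    "192.168.*.*",   // wildcard parts
    "999.1*9.0.1",   // out-of-range part and mixed digit/wildcard part
    "10.0.0.1\n",    // trailing line feed
    "10.0.0.1|x",    // extra characters after the address
    "",              // blank
];

foreach ($samples as $s) {
    printf(
        "%-18s posted=%-5s strict=%s\n",
        json_encode($s),
        posted_check($s) ? "pass" : "fail",
        strict_check($s) ? "pass" : "fail"
    );
}
```

The posted pattern passes the first four samples, because `[0-9*]{1,3}` does not limit a part to 255 and `$` without the `D` modifier also matches just before a final line feed; the stricter variant passes only the first two.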