Final patch For SiteX 0.7.3 beta XSS flaws

Saturday, April 21, 2007
####################################################
Patch for SiteX 0.7.3 beta XSS flaws
vendor url: http://sitex.bjsintay.com/
original article:http://lostmon.blogspot.com/2007/04/
final-patch-for-sitex-073-beta-xss.html
####################################################

patch for all of this related vulns:


http://osvdb.org/displayvuln.php?osvdb_id=33158
http://osvdb.org/displayvuln.php?osvdb_id=33159
http://osvdb.org/displayvuln.php?osvdb_id=33160

In all Files what we edit are included this file :

'includes/functions.php'

Open this file and add a new Function arround line 12-13

#####################################################
// stop XSS function to mitigate the posible XSS flaws
//use StopXSS(param or function)

function StopXSS($text){

$text = preg_replace("/(\<script)(.*?)(script>)/si", "", "$text");
$text = strip_tags($text);
$text = str_replace(array("'","\"",">","<","\\","`","´"), "", $text);
return $text;

}


####################################################

change this code :
####################################################
// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -

// Convert post, get, and server variables for shorthand use and
// register globals compatibility

if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = $v;
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = $v;
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = $v;
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = $v;
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = $v;

// Prevent PHP include vulnerability, initialize important vars,
will be over-written
#####################################################
for this other:
#####################################################
// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -

// Convert post, get, and server variables for shorthand use and
// register globals compatibility

if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = $v;
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = StopXSS($v);
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = StopXSS($v);
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = StopXSS($v);
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = StopXSS($v);

// Prevent PHP include vulnerability, initialize important vars, will be over-written
#####################################################

SiteX in full of XSS flaws , all variables are afected.


########################
OSVDB ID: 33158
########################
calendar.php
Cross-Site Scripting in variables $sxMonth and $sxYear fixed !!

########################
OSVDB ID: 33159
########################
search.php
Cross-site scripting in $search fixed !!

########################
OSVDB ID:33160
########################
redirect.php
Cross-Site scripting in $linkid fixed !!

#####################################################

it also fix this variables:

- albumid and page upon submision to adbum.php
- error upon submision to login.php
- type upon submision to search.php
- sxEntryID upon submision to journal.php
- photoid,albumid and page upon submision to photo.php
- forumid and topicid upon submision forums_topic.php

###################################################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...