Posible patch for sitex

Saturday, April 14, 2007
Hello !

vendor url: http://sitex.bjsintay.com/

Specific entry:http://sourceforge.net/tracker/index.php?
func=detail&aid=1700736&group_id=121558&atid=690690

osvdb id:33158,33159,33160,33161

http://archives.neohapsis.com/archives/bugtraq/2007-02/0477.html

http://www.securityfocus.com/archive/1/archive
/1/461305/100/0/threaded

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1234

after study this vulns i found a simple posible patch.

Some others params are afected like albumid upon submit to albun.php
username box upon submision to login.php ,search box upon submision
to search.php and multiple others params.

The most of those flaws could be solve by a simple patch
for "emergency" before the vendor release a update or a patch.

Open includes/functions.php

arround line 12-13 we have this code
####################################################
// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -

// Convert post, get, and server variables for shorthand use and
// register globals compatibility

if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = $v;
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = $v;
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = $v;
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = $v;
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = $v;

// Prevent PHP include vulnerability, initialize important vars,
will be over-written
##################################################


you can change for this other :

##################################################

// stop XSS function to mitigate the posible XSS flaws
//use StopXSS(param or function)

function StopXSS($text){

$text = preg_replace("/(\)/si", "", "$text");
$text = strip_tags($text);
$text = str_replace(array("'","\"",">","<","\\"), "", $text);
return $text;

}

// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -

// Convert post, get, and server variables for shorthand use and
// register globals compatibility

if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = StopXSS($v);
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = StopXSS($v);
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = StopXSS($v);
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = StopXSS($v);
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = StopXSS($v);

// Prevent PHP include vulnerability, initialize important vars, will
be over-written

#########################################################

and the most of xss flaws now are solved :D

This patch are explain and update here :

http://lostmon.blogspot.com/2007/04/
final-patch-for-sitex-073-beta-xss.html

Thnx for your time !!!

Thnx to OSVDB !!!

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Post by Lostmon in 11:16:00 AM
Categories: , , , ,
 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...