|
16.12.2005, 23:01
Продукт: PHP-NUKE
Версия: 7.9 и ниже
Затронуты файлы: mainfile.php
Описание: Имеющийся по стандарту фильтр входящего POST и GET запросов обрабатывает, работает не корректно, и имеется возможность все-таки внедрить вредоносный html код и применить XSS атаку.
Устранение:
Открываем mainfile.php
Находим:
PHP код:
foreach ($_GET as $sec_key => $secvalue) { if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("\([^>]*\"?[^)]*\)", $secvalue)) || (eregi("\"", $secvalue)) || (eregi("forum_admin", $sec_key)) || (eregi("inside_mod", $sec_key))) { die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]"); } } foreach ($_POST as $secvalue) { if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) { die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]"); } }
И заменяем на:
PHP код:
foreach ($_GET as $sec_key => $secvalue) { if((eregi("<[^>]*script*\"?[^>]*", $secvalue)) || (eregi("<[^>]*object*\"?[^>]*", $secvalue)) || (eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) || (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) || (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) || (eregi("<[^>]*style*\"?[^>]*", $secvalue)) || (eregi("<[^>]*form*\"?[^>]*", $secvalue)) || (eregi("<[^>]*img*\"?[^>]*", $secvalue)) || (eregi("<[^>]*onmouseover *\"?[^>]*", $secvalue)) || (eregi("<[^>]*body *\"?[^>]*", $secvalue)) || (eregi("\([^>]*\"?[^)]*\)", $secvalue)) || (eregi("\"", $secvalue)) || (eregi("forum_admin", $sec_key)) || (eregi("inside_mod", $sec_key))) { die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]"); } } foreach ($_POST as $secvalue) { if ((eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) || (eregi("<[^>]*object*\"?[^>]*", $secvalue)) || (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) || (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) || (eregi("<[^>]*form*\"?[^>]*", $secvalue)) || (eregi("<[^>]*img*\"?[^>]*", $secvalue)) || (eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) || (eregi("<[^>]script*\"?[^>]*", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*", $secvalue)) || (eregi("<[^>]style*\"?[^>]*", $secvalue))) { die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]"); } }
|
|