Go Back   vb.org Archive > News and Announcements > News and Announcements
  #1  
Old 01-09-2005, 01:06 AM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default URGENT: private.php XSS risk in ALL vB3 including 3.0.5 (up to Revision: 1.262.2.2)

vBulletin.com announcement here:
http://www.vbulletin.com/forum/showt...983#post792983

THIS HAS NOTHING TO DO WITH THE RECENT 3.0.4 and 3.0.5 releases - this is a security hole that has been present in ALL vBulletin 3 releases, and has only just been discovered. Yes, unusually, 2 security loopholes found out in the same week that has been present the whole time in all vBulletin 3.

The announcement is this one:
-------------------------------------------------------------------------

An XSS issue has been discovered in 3.0.X in private.php; it affects all versions of vBulletin 3. While this issue is not nearly as serious as the issue that prompted the 3.0.5 release, we strongly recommend you patch your installation(s).

At the end of this post, you'll find a patched file and what to change if you wish to manually update your file.

As of this update, the download in the members' area has been patched. If you have downloaded 3.0.5 before this time, please redownload or use the provided private.php.

I just want to reiterate that it is not our intention to force you to have to update constantly. Once a security issue is reported--no matter the severity--we strive to release quick fixes; the same day the issue is discovered, regardless of whether it's a holiday or just any other day of the year, if possible. It just happened that there were several reports in the past week. We aim to have impeccable security, but sometimes things are missed by internal audits.

Thank you for understanding.


Do you have the patch already?

Technically, the members' area was patched before this post. If you don't want to use the provided private.php or see if you need to add the line provided below, search for:

CVS: $RCSfile: private.php,v $ - $Revision: 1.262.2.3 $

In your copy of private.php. If you find it, you have the patch already.


Manual Patch Instructions

In private.php, find the following:

PHP Code:
construct_checkboxes($pm); 


ABOVE it, add the following:

PHP Code:
$pm['recipients'] = htmlspecialchars_uni($pm['recipients']); 
Attached Files
File Type: php private.php (48.5 KB, 15 views)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:14 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10428 seconds
  • Memory Usage 2,214KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_attachment
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete