miniBB Support Forums

miniBB ver. 2.5a released: SQL injection and XSS fixes

Author Paul
Lead Developer
#1 | Posted: 5 Nov 2010 06:38 | Edited by: Paul 
As was recently reported by the "High Tech Bridge" website (issues #HTB22671 and #HTB22670, respectively), an XSS and an SQL injection vulnerability were found, which are fixed in this release.

The files to fix are bb_func_usrdat.php (which you may simply overwrite over your existing file), and bb_codes.php, specifically the BB codes for the [img] and [imgs] tags containing a possible ALT.

For fixing BB codes, locate the following and update your file, in the function enCodeBB() only.

It was:

/* local images - allowed for everybody */

...

/* fixed width and ALT */
$pattern[]='#\[imgs=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\](.+?)\[/imgs\]#i';

...

/* Non-declared code - without fixed width, with mandatory alt */
$pattern[]='#\[img=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\](.+?)\[/img\]#i';

/* external images - only allowed the proper extensions and codes by permission */

...

/* fixed width and ALT */
$pattern[]="/\[imgs=(http[s]*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\](.+?)\[\/imgs\]/i";

...

/* Non-declared code - without fixed width, with alt - external images */
$pattern[]="/\[img=(http[s]*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\](.+?)\[\/img\]/i";


It is now:

/* local images - allowed for everybody */

...

/* fixed width and ALT */
$pattern[]='#\[imgs=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\]([^<>\n\r\[\]&=/"\']+?)\[/imgs\]#i';

...

/* Non-declared code - without fixed width, with mandatory alt */
$pattern[]='#\[img=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\]([^<>\n\r\[\]&=/"\']+?)\[/img\]#i';

...

/* external images - only allowed the proper extensions and codes by permission */

...

/* fixed width and ALT */
$pattern[]="/\[imgs=(http[s]*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\]([^<>\n\r\[\]&=\/\"']+?)\[\/imgs\]/i";

...

/* Non-declared code - without fixed width, with alt - external images */
$pattern[]="/\[img=(http[s]*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\]([^<>\n\r\[\]&=\/\"']+?)\[\/img\]/i";


Please report if you find any troubles with it, or any new issues.

Download miniBB 2.5a and upgrade today! Although I can't find the "right" door for these issues, it doesn't mean there are no talented hackers around who could compromise your forum.
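
The following is an added example, not code from miniBB itself, showing what the change to the ALT capture group above (from `(.+?)` to `([^<>\n\r\[\]&=/"\']+?)`) does to a post. The site URL, the `<img>` replacement string and the sample posts are constructed for the demo; miniBB's real replacement differs.

```php
<?php
// Added example (not miniBB's own code) showing the effect of the 2.5a change
// to the ALT capture group in enCodeBB(). The site URL, the <img> replacement
// string and the sample posts below are constructed for this demo.
$dotsSiteUrl = preg_quote('http://forum.example.test/', '#'); // assumed site URL

// 2.5 (before): ALT text is captured with a lazy "anything" group.
$before = '#\[img=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\](.+?)\[/img\]#i';

// 2.5a (after): ALT text may not contain < > CR LF [ ] & = / " or '.
$after = '#\[img=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\]([^<>\n\r\[\]&=/"\']+?)\[/img\]#i';

// Hypothetical replacement in the style of a BB-code renderer: $3 is the ALT.
$replacement = '<img src="$1.$2" alt="$3">';

/** Render one post with a given [img] pattern; unmatched BB code is left as-is. */
function renderImg(string $pattern, string $post, string $replacement): string
{
    return preg_replace($pattern, $replacement, $post);
}

/** Return the rendering of $post under both patterns for side-by-side comparison. */
function compareRenderings(string $post, string $before, string $after, string $replacement): array
{
    return [
        'before' => renderImg($before, $post, $replacement),
        'after'  => renderImg($after, $post, $replacement),
    ];
}

$posts = [
    // Ordinary ALT text: matched by both patterns, renders identically.
    'benign'  => '[img=http://forum.example.test/pics/logo.png]site logo[/img]',
    // ALT text containing a double quote: the old pattern copies it into the
    // alt attribute, closing it early and injecting a second attribute; the
    // new pattern refuses to match, so the BB code stays as literal text.
    'quoted'  => '[img=http://forum.example.test/pics/logo.png]x" title="injected[/img]',
    // Caveat: a harmless ALT containing "/" or "=" is also rejected now.
    'slashed' => '[img=http://forum.example.test/pics/logo.png]chart 50/50[/img]',
];

foreach ($posts as $name => $post) {
    $out = compareRenderings($post, $before, $after, $replacement);
    printf("%-8s before: %s\n", $name, $out['before']);
    printf("%-8s after:  %s\n\n", $name, $out['after']);
}
```

With the old pattern the "quoted" post becomes an `<img>` tag whose alt attribute is closed by the user's quote and followed by a second attribute; with the new pattern it is not matched at all. The "slashed" post shows the trade-off: legitimate ALT text with `/` or `=` no longer renders as an image either.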

Author Paul
Lead Developer
#2 | Posted: 9 Nov 2010 11:24 
A little update to this: bb_func_usrdat.php file was re-fixed today to fix a bug over a bugfix :-)

Please update it once again.

Author jontrac
Registered
#3 | Posted: 9 Nov 2010 20:24 
Thanks for the update Paul.

Author astass
Registered
#4 | Posted: 20 Sep 2011 08:59 | Edited by: astass 
An XSS vulnerability in one file is still not resolved: bb_codes_sig.php (Signatures)
lines:
/* [IMGS] tag code - with fixed width and ALT */
$pattern[]="/\[img=(http:\/\/([^<> \n\r\[\]&]+?)\.?(gif|jpg|jpeg|png)?)\](.*?)\[\/img\]/i";

should be:
/* [IMGS] tag code - with fixed width and ALT */
$pattern[]="/\[img=(http:\/\/([^<> \n\r\[\]&]+?)\.?(gif|jpg|jpeg|png)?)\]([^<>\n\r\[\]&=\/\"']+?)\[\/img\]/i";

The site administrator anabot found and made the corrections. I hope many will benefit.

Author Paul
Lead Developer
#5 | Posted: 20 Sep 2011 12:13 
Thank you. Now it is fixed :)
