miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
News miniBB Support Forums / News /  
 

miniBB ver. 2.5a released: SQL injection and XSS fixes

 
Author Paul
Lead Developer 
#1 | Posted: 5 Nov 2010 06:38 
As it was recently reported by "High Tech Bridge" website, respectively, issue #HTB22671 and #HTB22670, there were found an XSS and SQL injection vulnerabilities, which are fixed in this release.

The files to fix are bb_func_usrdat.php (which you simply may overwrite to your existing file), and bb_codes.php, specifically, BB codes for [img] and [imgs] tags containing a possible ALT.

For fixing BB codes, locate the following and update your file, in the function enCodeBB() only.

It was:

/* local images - allowed for everybody */

...

/* fixed width and ALT */
$pattern[]='#\[imgs=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\](.+?)\[/imgs\]#i';

...

/* Non-declared code - without fixed width, with mandatory alt */
$pattern[]='#\[img=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\](.+?)\[/img\]#i';

/* external images - only allowed the proper extensions and codes by permission */

...

/* fixed width and ALT */
$pattern[]="/\[imgs=(http[s]*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\](.+?)\[\/imgs\]/i";

...

/* Non-declared code - without fixed width, with alt - external images */
$pattern[]="/\[img=(http[s]
*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\](.+?)\[\/img\]/i";

It is now:

/* local images - allowed for everybody */

...

/* fixed width and ALT */
$pattern[]='#\[imgs=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\]([^<>\n\r\[\]&=/"\']
+?)
\[/imgs\]#i';

...

/* Non-declared code - without fixed width, with mandatory alt */
$pattern[]='#\[img=('.$dotsSiteUrl.'[^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png)\]([^<>\n\r\[\]&=/"\']
+?)
\[/img\]#i';

...

/* external images - only allowed the proper extensions and codes by permission */

...

/* fixed width and ALT */
$pattern[]="/\[imgs=(http[s]*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\]([^<>\n\r\[\]&=\/\"']+?)\[\/imgs\]/i";

...

/* Non-declared code - without fixed width, with alt - external images */
$pattern[]="/\[img=(http[s]
*:\/\/([^<> \n\r\[\]&]+?)\.(gif|jpg|jpeg|png))\]([^<>\n\r\[\]&=\/\"']+?)\[\/img\]/i";

Please report if you find any troubles with it, or any new issues.

Download miniBB 2.5a and upgrade today! Despite I can't find the "right" door for these issues, it doesn't mean there are no talented hackers around which could compromise your forum.

Author Paul
Lead Developer 
#2 | Posted: 9 Nov 2010 11:24 
A little update to this: bb_func_usrdat.php file was re-fixed today to fix a bug over a bugfix :-)

Please update it once again.

Author jontrac
Partaker
#3 | Posted: 9 Nov 2010 20:24 
Thanks for the update Paul.

Author astass
Partaker
#4 | Posted: 20 Sep 2011 08:59 
XSS vulnerability in a file and is not resolved - bb_codes_sig.php ( Signatures)
lines:
/* [IMGS] tag code - with fixed width and ALT */
$pattern[]="/\[img=(http:\/\/([^<> \n\r\[\]&]+?)\.?(gif|jpg|jpeg|png)?)\](.*?)\[\/img\]/i";

should be:
/* [IMGS] tag code - with fixed width and ALT */
$pattern[]="/\[img=(http:\/\/([^<> \n\r\[\]&]+?)\.?(gif|jpg|jpeg|png)?)\]([^<>\n\r\[\]&=\/\"']+?)\[\/img\]/i";
The site administrator anabot found and made the corrections. I hope many will benefit.

Author Paul
Lead Developer 
#5 | Posted: 20 Sep 2011 12:13 
Thank you. Now it is fixed :)

News miniBB Support Forums / News /
 miniBB ver. 2.5a released: SQL injection and XSS fixes
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑