Topic: Security Issue Solution v7.5

The v7.5 is now updated (10.11.2008). The fixed zip file has the file "includes_patch1.txt" inside it. Only admin/login.php is updated/changed; just replace your old admin/login.php with it.

The hack works because of a typo in the code. All input is normally validated, but since the variable is typed with one capital letter wrong, the validation routine is bypassed.

Quick fix for the most urgent one is this:

In admin/login.php, line 41:

Change from:

$lUserName=strToDb($lUsername);

to:

$lUsername=strToDb($lUsername);

NOTE: There is also a bug in links.php, the new .zip will contain this fix.

Change line 24, from this:

$order = getParam("order",""); // Guest chooseable sort order

To this:

$order = cleanInput(getParam("order","")); // Guest chooseable sort order

If you have been hacked..
Check your classifieds directory. If you have the "admin" username unchanged, "hackers" are able to log in to the admin area. There, they will most likely change one template or language file. Check for changed template files in the template editor; an * will mark a changed template.

The reason why many sites get hacked now is that a description of how to do this has been posted to bugtraq lists.

I would also suggest to password protect your admin area using .htaccess (control panel protection that cPanel, Plesk, Webmin etc. can do for you).
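
Why the one-letter typo matters, as an added example that is not part of the original post or of the script's own code: PHP variable names are case-sensitive, so the sanitised value is assigned to `$lUserName`, a different variable from `$lUsername`. The check below lists variables in a source file that differ only by letter case; the sample lines around the quoted line and the `checkLogin()` call are assumptions.

```php
<?php
// Added example: flag PHP variables whose names differ only by letter case.
// $lUserName and $lUsername are two unrelated variables to PHP.

function findCaseCollisions(string $source): array
{
    $seen = []; // lowercase name => [exact spelling => [line numbers]]
    foreach (token_get_all($source) as $token) {
        if (is_array($token) && $token[0] === T_VARIABLE) {
            $seen[strtolower($token[1])][$token[1]][] = $token[2];
        }
    }
    // Keep only names that occur with more than one spelling.
    return array_filter($seen, function (array $spellings) {
        return count($spellings) > 1;
    });
}

// Constructed sample: the middle line is the one quoted in the post, the
// lines around it are assumptions and not the real admin/login.php.
$sample = <<<'PHP'
<?php
$lUsername = $_POST["username"];
$lUserName=strToDb($lUsername);
checkLogin($lUsername);
PHP;

foreach (findCaseCollisions($sample) as $spellings) {
    foreach ($spellings as $name => $lines) {
        echo $name, " on line(s) ", implode(", ", array_unique($lines)), "\n";
    }
}
```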

Re: Security Issue Solution v7.5

Are, please check this item, post by istreen: (Multiple vulnerabilities)
http://www.deltascripts.com/board/topic … abilities/


Re: Security Issue Solution v7.5

You can see an XSS attack:
http://www.event-city.fr:80/choose_cat.php/>"><ScRiPt>alert(437875964861)</ScRiPt> working with IE7

Your solution in admin/login.php, line 41, doesn't resolve it; you could use http://fr.php.net/manual/en/function.htmlentities.php or http://fr.php.net/manual/en/function.ht … lchars.php


Re: Security Issue Solution v7.5

In the zip the file: includes_patch1.txt is named as: includes_patch1.txt.txt and is empty.


Re: Security Issue Solution v7.5

This file (includes_patch1.txt) is only a signal that the patch has already been applied.


Re: Security Issue Solution v7.5

istreen wrote:

You can see an XSS attack:
http://www.event-city.fr:80/choose_cat.php/>"><ScRiPt>alert(437875964861)</ScRiPt> working with IE7

For the XSS, you need to sanitize $_SERVER["PHP_SELF"].
In header_inc.php, find:

include_once("includes/common_public_inc.php");

Add this line after it:

$_SERVER["PHP_SELF"] = htmlspecialchars(cleanInput( $_SERVER["PHP_SELF"]));


Re: Security Issue Solution v7.5

There is a bug I just discovered, try this:
while posting (or editing an ad), in the description of your ad, put this 2-character line
<>
and your server goes crazy!
It says:
Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 63327343 bytes) in /home/content/..../html/includes/inputfilter.php on line 98

Why?


Re: Security Issue Solution v7.5

The bug in inputfilter.php can be fixed as follows.
Original post on www.phpclasses.org by user Nashar on the 2007-12-31 08:19:07

If you process an empty tag followed by anything, like '<>foo', the script gets stuck in an infinite loop until you get a lovely message like:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 29360137 bytes) in \includes\class.inputfilter.php on line 134

The fix is to change line 114 from:

if (!$tagOpen_end) {

to

if ($tagOpen_end === false) {

Cheers!

regards

stubyh

The greatest mistake you can make in life is to be continually fearing you will make one.

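
Why the one-line change matters, as an added example that is not part of the original posts: strpos() returns the integer 0 when '>' is the first character after '<' and returns false only when there is no '>' at all, and `!` treats both as true. The loop below is a simplified model written for this illustration, not the code of inputfilter.php; the function name, the early break and the round limit are assumptions.

```php
<?php
// Added example: simplified model of a tag-stripping loop, not the code of
// inputfilter.php. $strict selects which "closing bracket not found" test runs.
function stripTagsModel(string $source, bool $strict, int $maxRounds = 50): array
{
    $out    = '';
    $rest   = $source;
    $rounds = 0;
    $start  = strpos($rest, '<');
    while ($start !== false) {
        if (++$rounds > $maxRounds) {
            // Demo guard only: report the runaway instead of hitting memory_limit.
            return ['finished' => false, 'rounds' => $rounds - 1, 'out_bytes' => strlen($out)];
        }
        $out .= substr($rest, 0, $start);      // text before the tag
        $rest = substr($rest, $start);         // now starts with '<'
        $end  = strpos(substr($rest, 1), '>'); // int 0 for '<>', false if no '>'
        if ($end === false) {                  // model assumption: drop an unterminated tail
            $rest = '';
            break;
        }
        // The test the thread changes: loose (!$end) versus strict (=== false).
        $notClosed = $strict ? ($end === false) : !$end;
        if ($notClosed) {
            // Nothing is consumed from $rest here, so entering this branch
            // with $end === 0 repeats the same round and keeps growing $out.
            $out  .= $rest;
            $start = strpos($rest, '<');
            continue;
        }
        $rest  = substr($rest, $end + 2);      // skip '<', the tag body and '>'
        $start = strpos($rest, '<');
    }
    return ['finished' => true, 'rounds' => $rounds, 'out' => $out . $rest];
}

// Constructed inputs: the two-character case from the thread and a normal tag.
foreach (['<>foo', 'a<b>bold</b>c'] as $input) {
    foreach ([false, true] as $strict) {
        $result = stripTagsModel($input, $strict);
        printf("%-15s strict=%d %s\n", $input, $strict, json_encode($result));
    }
}
```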

Re: Security Issue Solution v7.5

works a treat thanks

Re: Security Issue Solution v7.5

stubyh wrote:

The bug in inputfilter.php can be fixed as follows.
Original post on www.phpclasses.org by user Nashar on the 2007-12-31 08:19:07

If you process an empty tag followed by anything, like '<>foo', the script gets stuck in an infinite loop until you get a lovely message like:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 29360137 bytes) in \includes\class.inputfilter.php on line 134

The fix is to change line 114 from:

if (!$tagOpen_end) {

to

if ($tagOpen_end === false) {

Cheers!

regards

stubyh

Thanks a lot Stubyh for the solution, but doesn't it degrade the security of the website?


Re: Security Issue Solution v7.5

ar_et

Unfortunately all programming has some vulnerability. You only have to look at Microsoft and see the number of patches they produce on the 2nd Tuesday of every month, and they have thousands of employees.

The good part of open source programming is that when a problem is found, either the code owner, in this case 'ARE', or a member of the forum will hopefully find out the answer and post it. The inputfilter.php was written some time back and not by the coder of this programme (I assume). It is always best to check your code for this type of open source coding and check out the coder's web site or forum for any updates and implement them. Due to the size and complexity of programs this can take a while, so we all rely on the users as testers, I'm afraid.

regards

Stubyh

The greatest mistake you can make in life is to be continually fearing you will make one.


Re: Security Issue Solution v7.5

Hi,

Reasons for Security Issues in Networks:

There are multiple reasons for any network to be victimized by viruses, malware, worms and other security threats. The most common reason for such security attacks in small-sized companies is not using proper, licensed versions of antivirus software. And of course, using risky sites also downloads dangerous malware when the network is not properly secured, which infects the entire network.
When any network uses non-genuine, non-licensed or cracked versions of antivirus and similar software, they do not update the latest virus signature file to keep the system protected to date. When new viruses are launched, this software doesn't have the latest virus threats defined in its signature files; hence it exposes the entire network to these virus threats, and more often than not the network does get infected. As much as NA knowledge is important, I couldn't emphasize end user awareness more as well. End users are those users who put the entire network to use and put it at risk at the same time. Their education is very crucial and has importance as well. End user education on security threats and how to avoid them can play a major role in keeping the network up and securely running.
There is another major type of attack which most companies ignore and eventually pay for. These attacks are commonly known as inside attacks. An ex-employee of the company can be a serious threat to the company's networks, especially if the ex-employee had a network-related job, since all the critical information related to the network can be known in such cases. They can easily connect to the networks by making remote connections using VPN or through other sources, and they can transfer viruses and malicious software which can leak information that is secret and important from the organization's point of view. There can be many other threats which can make any company's life uneasy. To avoid such incidents, make sure to update all information, usernames and passwords as soon as a network-related job becomes vacant.
Admin information should always be updated once in 24hrs anyway, to keep the network safe from any unwanted situations.
It is the responsibility of the NA to keep a closer look at all the employees of the network; they should be aware that their activities are being logged and looked at. There would be fewer chances of any inside security attacks if users are under the impression of being watched closely.

Re: Security Issue Solution v7.5

Hi,

  A complete end-to-end solution, Facility Commander Wnx v7.5 is an ideal solution for businesses seeking to self-monitor and self-manage security operations over their existing IT network infrastructure. Integrating access control, photo identification credentialing, video surveillance and alarm monitoring under one platform ensures customers have immediate access to information; thereby reducing the response time to potential security threats.

Thanks,
Smith
