navigation  interaction  search

 other resources

Ticket #155 (defect)

Opened 2 years ago

Last modified 1 year ago

Security Vulnerability for PHP injection to game

Status: closed (fixed)

Reported by: brieb Assigned to: brieb
Priority: critical Milestone: 0.8
Component: phpbms Version: 0.7
Keywords: Cc:

A critical exploitable vulnerability exists where by a logged in user can craft a malicious form post to search.php can execute a php injection.

Attachments

vulnerability.patch (2.9 kB) - added by brieb on 06/13/07 10:07:15.
Potentinal Patch
php4.patch (0.6 kB) - added by brieb on 06/14/07 11:38:16.
Additional changes for php versions less than 5

Change History

06/13/07 10:07:15: Modified by brieb

  • attachment vulnerability.patch added.

Potentinal Patch

06/13/07 10:13:46: Modified by brieb

  • status changed from new to closed.
  • resolution set to fixed.

I have created what I believe to be an interim patch until 0.8 comes out. I recommend anyone running 0.7 to apply the patch as soon as possible. Anyone running older versions of phpBMS should upgrade to 0.7 and apply the patch.

While this vulnerability is only exploitable to people who have actually logged in, I feel that this a potentially critical security hole that should be addressed as soon as possible.

I would also like to give a big thank you to Ryan Cartner for not only reporting the error discretely, but giving us great insight on the details of it.

06/13/07 10:22:49: Modified by brieb

If you are not using subversion, and cannot apply the patch, simply update the search.php and include/search_class.php from the trunk available here:

http://phpbms.org/browser/trunk/phpbms/search.php?rev=243

http://phpbms.org/browser/trunk/phpbms/include/search_class.php?rev=243

06/14/07 11:38:16: Modified by brieb

  • attachment php4.patch added.

Additional changes for php versions less than 5

06/14/07 11:39:56: Modified by brieb

For people running php versions less than 5, you will need to also apply the changes from the additional patch (php4.patch) after applying the first patch. Changes are minor and can be done manually by checking

http://phpbms.org/browser/trunk/phpbms/search.php?rev=244

07/12/07 01:12:07: Modified by anonymous

  • cc set to painting.
  • summary changed from Security Vulnerability for PHP injection to game.
  • priority changed from critical to major.
  • version changed from 0.7 to 0.51.
  • milestone changed from 0.8 to unknown.
  • keywords set to game.

07/12/07 08:55:14: Modified by brieb

  • cc deleted.
  • summary changed from game to Security Vulnerability for PHP injection to game.
  • priority changed from major to critical.
  • version changed from 0.51 to 0.7.
  • milestone changed from unknown to 0.8.
  • keywords deleted.

Add/Change #155 (Security Vulnerability for PHP injection to game)




Change Properties
Action

 
Copyright © 2006-2007 Kreotek, LLC. All Rights reserved.