:: Forum 8.x [Archiv] ›

#1: Wichtig unbedingt lesen Gefahr Autor: spoddig,

Verfasst am: 21.11.2004 23:51
----
Hier erstmal ein Link da findet Ihr genaueres das CPG ist auch betroffen habe den mist schon geändert auf der cpgnuke.com gibt es ein Update
www.heise.de/newsticke...dung/53499

#2: Re: Wichtig unbedingt lesen Gefahr Autor: spoddig,

Verfasst am: 21.11.2004 23:55
----
Hier der text von CPGNUKE.com
CRITICAL SECURITY BULLETIN

Following my original post here regarding the recent phpBB search highlighting exploit, the phpBB Group has become aware that the exploit can be taken advantage of, in a serious way. This clearly contradicts what I said in my original post, but this IS serious folks. We cannot urge you strongly enough to apply the fix below. This fix does NOT pertain to CPG-Nuke 9, it is immune because of our new quote handling system.

Note: If you applied the earlier fix for .htaccess, keep it - it's a good security measure to take.

The Patch

Open up modules/Forums/viewtopic.php

Find on line ~514:
PHP:
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

Replace with:
PHP:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

Note: If you see a <?php in the above code snippets, ignore it - it's a bug that we are trying to trace.

If you prefer to upload a patched copy of the file, you will find it below...

Please do take this seriousely, this is a critical issue. Spread the word to as many people as you possibly can that are using CPG-Nuke!

As always, thank you for your continued support of CPG-Nuke.

External Links

www.phpbb.com/p...p?t=240513

www.phpbb.com/p...p?t=240636

#3: Re: Wichtig unbedingt lesen Gefahr Autor: Reha, Wohnort: Stuttgart

Verfasst am: 27.11.2004 15:43
----
thx

#4: Re: Wichtig unbedingt lesen Gefahr Autor: Ertan, Wohnort: Germany

Verfasst am: 28.11.2004 13:37
----
ist ein phpbb bug

und nicht cpgnuke zwinker

aber wichtig patch einspielen

-> Allgemeines

Alle Zeitangaben sind in GMT + 1 Stunden

Seite 1 von 1