BugTraq
Anyone can read all XOOPS private messages Dec 13 2002 03:32PM
Val Deux (valdeux aol com)


www.phpsecure.org advisory.

In French: http://www.phpsecure.org/?zone=pComment&d=101

By valdeux

Published on December 13th, 2002

Like most PHP CMSs, XOOPS allows users to send and receive Private Messages (PMs), which are saved in the database.

We found a way to read all of these messages.

And of course, we give you a solution.

Product : XOOPS

Version : RC3 (tested)

File : /pmlite.php

Bug :

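// Excerpt: nothing here checks that the PM loaded from $msg_id is addressed
// to the logged-in user before its text is quoted into the reply.
if ($reply == 1) {
    $pm = new XoopsPM($msg_id);
    $pm_uname = XoopsUser::getUnameFromId($pm->getVar("from_userid"));
    $replytext = "[quote]\n";
    $replytext .= sprintf(_PM_USERWROTE,$pm_uname);
    $replytext .= "\n".$pm->getVar("msg_text", "E")."\n[/quote]";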

Solution :

A patched file is available on www.phpsecure.org :

http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=x

patch :

line 76 : if($pm->getVar("to_userid") != $xoopsUser->getVar("uid"))

line 77 : die("Désolé, c'est patché :)<br><br><a href=\"http://www.phpsecure.org\">phpSecure();</a>");

Thanxxx :

Magistrat for his website (www.blocus-zone.com) that allows me to test XOOPS every day :p

PhpSecure Team (www.phpsecure.org, don't forget ;))

xoops.org, because their CMS is a nice one. Let's secure it ;)
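
The missing ownership check from the "Bug" and "patch" sections above, as an added example (not code from the advisory or from XOOPS). The in-memory message store, the function names and the user ids are constructed for illustration; the checked version also refuses anonymous sessions and unknown ids, which goes slightly beyond the two-line patch.

```php
<?php
// Constructed stand-in for the PM table, keyed by msg_id.
$messages = [
    1 => ['from_userid' => 10, 'to_userid' => 20, 'msg_text' => 'Lunch at noon?'],
    2 => ['from_userid' => 30, 'to_userid' => 40, 'msg_text' => 'Draft is attached.'],
];

// Hypothetical helper mirroring the unpatched reply branch:
// whatever msg_id is requested gets quoted into the reply form.
function quoteUnchecked(array $messages, int $msgId): string
{
    $pm = $messages[$msgId];
    return "[quote]\n" . $pm['msg_text'] . "\n[/quote]";
}

// Hypothetical helper with the ownership check the patch adds.
function quoteChecked(array $messages, int $msgId, ?int $currentUid): ?string
{
    // Anonymous sessions and unknown ids are refused the same way as
    // someone else's message, so the answer does not reveal which ids exist.
    if ($currentUid === null || !isset($messages[$msgId])) {
        return null;
    }
    $pm = $messages[$msgId];
    // Database drivers often return ids as strings: cast, then compare strictly.
    if ((int) $pm['to_userid'] !== $currentUid) {
        return null;
    }
    return "[quote]\n" . $pm['msg_text'] . "\n[/quote]";
}

$currentUid = 20; // constructed: the logged-in user is the recipient of message 1 only

// Unchecked: user 20 gets the text of message 2, which was sent to user 40.
echo "unchecked msg_id=2: ", json_encode(quoteUnchecked($messages, 2)), "\n";

// Checked: own message is quoted; foreign and unknown ids are refused.
foreach ([1, 2, 99] as $msgId) {
    $quote = quoteChecked($messages, $msgId, $currentUid);
    echo "checked   msg_id=$msgId: ", $quote === null ? 'refused' : json_encode($quote), "\n";
}
```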

Copyright 2010, SecurityFocus