Php Exploit Fix

Php, PHP-Nuke, phpBB, Html, CSS, Javascript e tutto ciò che concerne la gestione siti web.
Avatar utente
AleSSaNDRo
WebMaster
WebMaster
Messaggi: 2358
Iscritto il: 24/04/2003, 1:11
Località: Milano

Php Exploit Fix

Messaggio da AleSSaNDRo »

Per tutti coloro che temono di avere installata la propria board su uno spazio web con compilatore php soggetto ai buchi di sicurezza commentati in questi giorni in diversi NG, posso applicare questo MOD per ovviare in parte al problema.

Codice: Seleziona tutto

##############################################################
## MOD Title: Php Exploit Fix
## MOD Author: Cyberalien
## MOD Description: A serious bug was discovered in php in function unserialize(). That bug can be used to cause serious damage to websites that use software that uses that function.Unfortunately phpBB uses that function to store data in cookies, so phpBB can be exploited (so is IPB, vBulletin and almost all other php forum systems).
## MOD Version: 1.0.0
## 
## Installation Level: Easy
## Installation Time: 20 minutes
## Files To Edit: 
## Included Files: 
## Generator: MOD Studio 3.0 Alpha 1 [mod functions 0.2.1677.25348]
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the 
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code 
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered 
## in our MOD-Database, located at: http://www.phpbb.com/mods/ 
##############################################################
## Author Notes: 
##############################################################
## MOD History:
## 
##   2004-05-07 - Version 1.0.0
## 
##      - First Stable release. Version 1.0.0 of a MOD is always it's first stable release.
## 
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
##############################################################

#
#-----[ OPEN ]------------------------------------------
#

includes/functions.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]------------------------------------------
#
function serialize_array($array)
{
	if(!is_array($array))
	{
		return '';
	}
	$str = '';
	foreach($array as $var => $value)
	{
		if($str)
		{
			$str .= '|';
		}
		$str .= $var . '=' . str_replace('|', '', $value);
	}
	return $str;
}

function unserialize_array($str)
{
	$array = array();
	$list = explode('|', $str);
	for($i=0; $i<count($list); $i++)
	{
		$row = explode('=', $list[$i], 2);
		if(count($row) == 2)
		{
			$array[$row[0]] = $row[1];
		}
	}
	return $array;
}

#
#-----[ OPEN ]------------------------------------------
#

index.php
#
#-----[ FIND ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t"]) : array();  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f"]) : array();  
#
#-----[ REPLACE ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t"]) : array();  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f"]) : array();  
#
#-----[ OPEN ]------------------------------------------
#

posting.php
#
#-----[ FIND ]------------------------------------------
#
			$tracking_topics = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
			$tracking_forums = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
#
#-----[ REPLACE ]------------------------------------------
#
			$tracking_topics = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
			$tracking_forums = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
#
#-----[ FIND ]------------------------------------------
#
			setcookie($board_config['cookie_name'] . '_t', serialize($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#
#-----[ REPLACE ]------------------------------------------
#
			setcookie($board_config['cookie_name'] . '_t', serialize_array($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#
#-----[ OPEN ]------------------------------------------
#

search.php
#
#-----[ FIND ]------------------------------------------
#
		$result_array = serialize($store_search_data);
#
#-----[ REPLACE ]------------------------------------------
#
		$result_array = serialize_array($store_search_data);
#
#-----[ FIND ]------------------------------------------
#
				$search_data = unserialize($row['search_array']);
#
#-----[ REPLACE ]------------------------------------------
#
				$search_data = unserialize_array($row['search_array']);
#
#-----[ FIND ]------------------------------------------
#
		$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
		$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
#
#-----[ REPLACE ]------------------------------------------
#
		$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
		$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
#
#-----[ OPEN ]------------------------------------------
#

viewforum.php
#
#-----[ FIND ]------------------------------------------
#
			$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
			$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
#
#-----[ REPLACE ]------------------------------------------
#
			$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
			$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
#
#-----[ FIND ]------------------------------------------
#
				setcookie($board_config['cookie_name'] . '_f', serialize($tracking_forums), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#
#-----[ REPLACE ]------------------------------------------
#
				setcookie($board_config['cookie_name'] . '_f', serialize_array($tracking_forums), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#
#-----[ FIND ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : '';  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : '';
#
#-----[ REPLACE ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : '';  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : '';  
#
#-----[ OPEN ]------------------------------------------
#

viewtopic.php
#
#-----[ FIND ]------------------------------------------
#
	$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
	$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
#
#-----[ REPLACE ]------------------------------------------
#
	$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
	$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
#
#-----[ FIND ]------------------------------------------
#
	setcookie($board_config['cookie_name'] . '_t', serialize($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#
#-----[ REPLACE ]------------------------------------------
#
	setcookie($board_config['cookie_name'] . '_t', serialize_array($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
#
#-----[ OPEN ]------------------------------------------
#

includes/sessions.php
#
#-----[ FIND ]------------------------------------------
#
		$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
#
#-----[ REPLACE ]------------------------------------------
#
		$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize_array(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
#
#-----[ FIND ]------------------------------------------
#
	setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
#
#-----[ REPLACE ]------------------------------------------
#
	setcookie($cookiename . '_data', serialize_array($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
#
#-----[ FIND ]------------------------------------------
#
		$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
#
#-----[ REPLACE ]------------------------------------------
#
		$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize_array(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
#
#-----[ FIND ]------------------------------------------
#
					setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
#
#-----[ REPLACE ]------------------------------------------
#
					setcookie($cookiename . '_data', serialize_array($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
FONTE: http://www.phpbbstyles.com/viewtopic.php?t=1904

Chi c’è in linea

Visitano il forum: Claude [Bot] e 0 ospiti