Insufficient filtering of incoming data for DLE 8.5 » DataLife Engine Support


  • Author: admin
  • Views: 1801
  • Date: 9 June 2010
Problem: a user who is allowed to upload files (other than pictures) to the server can write outside the permitted upload folder and, if he holds the administrator account, compromise the script.

Affected versions: all versions

Severity: Medium (High if the administrator account is online)

FIX

1. Open the file engine/inc/files.php

Find
$serverfile = trim( htmlspecialchars( strip_tags( $_POST['serverfile'] ) ) );


replace with
// Only administrators (user group 1) may supply a server-side file name at all.
if ( $member_id['user_group'] == 1 ) {
    $serverfile = trim( htmlspecialchars( strip_tags( $_POST['serverfile'] ) ) );
} else {
    $serverfile = '';
}

if ( $serverfile != '' ) {
    // Unify separators, then strip traversal sequences and any directory part,
    // so only a bare file name inside the upload folder remains.
    $serverfile = str_replace( "\\", "/", $serverfile );
    $serverfile = str_replace( "..", "", $serverfile );
    $serverfile = str_replace( "/", "", $serverfile );

    // The last dot-separated segment is the extension; it must be whitelisted.
    $serverfile_arr = explode( ".", $serverfile );
    $type = totranslit( end( $serverfile_arr ) );
    $curr_key = key( $serverfile_arr );
    unset( $serverfile_arr[$curr_key] );

    if ( in_array( strtolower( $type ), $allowed_files ) ) {
        $serverfile = totranslit( implode( ".", $serverfile_arr ) ) . "." . $type;
    } else {
        $serverfile = '';
    }
}

if ( $serverfile == ".htaccess" ) die( "edit codeing attempt!" );


2. Open the file engine/classes/thumb.class.php

Find
$this->img['des'] = imagecreatetruecolor( $this->img['lebar_thumb'], $this->img['tinggi_thumb'] );


Above it, add

// imagecreatetruecolor() fails for a width or height below 1, so clamp both.
if ( $this->img['lebar_thumb'] < 1 ) $this->img['lebar_thumb'] = 1;
if ( $this->img['tinggi_thumb'] < 1 ) $this->img['tinggi_thumb'] = 1;

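To see what the step 1 sanitiser does with hostile file names, here is an added stand-alone PHP version exercised against constructed inputs; it is not DLE's own code, and totranslit_stub() is an assumed stand-in for DLE's totranslit(), not the real implementation.

```php
<?php
// Added example, not DLE's own code: a stand-alone copy of the step 1 sanitiser
// so its behaviour can be checked against constructed file names.
// totranslit() is DLE's transliteration helper; totranslit_stub() is an
// assumption that only keeps [A-Za-z0-9_-] and is not the real implementation.
function totranslit_stub(string $s): string
{
    return preg_replace('/[^A-Za-z0-9_-]/', '', strtolower($s));
}

// Same steps as the replacement block: only user group 1 (administrators) may
// pass a server-side file name; it is reduced to a bare name plus a
// whitelisted extension, so it can never leave the upload folder.
function sanitize_serverfile(?string $input, int $userGroup, array $allowedFiles): string
{
    if ($userGroup !== 1 || $input === null) {
        return '';
    }
    $serverfile = trim(htmlspecialchars(strip_tags($input)));
    if ($serverfile === '') {
        return '';
    }
    $serverfile = str_replace("\\", "/", $serverfile); // unify separators
    $serverfile = str_replace("..", "", $serverfile);  // drop traversal
    $serverfile = str_replace("/", "", $serverfile);   // drop directory part

    $parts = explode(".", $serverfile);
    $type = totranslit_stub(end($parts));   // last segment is the extension
    unset($parts[key($parts)]);             // remove it from the base name
    if (!in_array(strtolower($type), $allowedFiles, true)) {
        return '';                          // extension not whitelisted
    }
    return totranslit_stub(implode(".", $parts)) . "." . $type;
}

// Constructed inputs covering the cases the fix is meant to close.
$allowed = ['jpg', 'png', 'zip', 'txt'];
$cases = [
    ['../../engine/data/dbconfig.php', 1], // traversal with a non-whitelisted extension
    ['..\\files\\notes.txt', 1],           // backslash path to an allowed type
    ['photo.php.jpg', 1],                  // double extension
    ['.htaccess', 1],                      // dotfile, extension not whitelisted
    ['report.zip', 2],                     // valid name but non-admin group
];
foreach ($cases as [$name, $group]) {
    printf("%-32s group %d => '%s'\n", $name, $group, sanitize_serverfile($name, $group, $allowed));
}
```

Note that ".htaccess" is already emptied by the extension whitelist, so the final die() check in step 1 is only reached if "htaccess" were ever added to $allowed_files.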

Distribution version 8.5 has been updated.

Michael

Posted 12 June 2010 18:39 Register: 14.03.2010
The last line of the first replaced block of new code is actually (on the DLE official site):
if ($serverfile == ".htaccess") die("Ha*cking attempt!");

(remove * )


but on your site you had written
if( $serverfile == ".htaccess") die("edit codeing attempt!");


and the code "Ha*cking attempt" is a critical code/function of DLE; if you write anything else in place of "h@cking attempt" then the script will suffer problems.

Mr. admin,

you used a word filter to replace the word ha*ck (remove *) with the words "edit code",

and now this is causing problems in the code :D

Now the users who have used and edited their files with your code may get into problems :P

Don't worry, Mr. admin,
the Google AdSense bot will not cause you problems if you write the word "h@ck" once or 4 or 5 times,
so remove that word filter and use search and replace to fix all the already replaced words :)

tvthanh78

Posted 12 June 2010 22:24 Register: 27.02.2010
Yes, sloppy admin too!
Please check your own posts carefully before posting!
Thanks admin for the above, and thanks to Michael for the bottom!