
Объявления - Уязвимость миничата phpBB2 Plus 1.5x

i_am_d - Ср 05 Окт, 2005 9:53 am
Заголовок сообщения: Уязвимость миничата phpBB2 Plus 1.5x

Обнаружена уязвимость миничата phpBB2 Plus 1.5x - необходимо критическое обновление.

Код:
#
# ---[ OPEN ]---
#

shoutbox_max.php

#
# ---[ FIND ]---
#
//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
   // Split words and phrases
   $highlight = trim(strip_tags(htmlspecialchars($HTTP_GET_VARS['highlight'])));
   $words = explode(' ', $highlight);

   for($i = 0; $i < count($words); $i++)
   {
      if ( trim($words[$i]) != '' )
      {
         $highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', phpbb_preg_quote($words[$i], '#'));
      }
   }
   unset($words);
   $highlight = urlencode($highlight);
}


#
# ---[ REPLACE WITH ]---
#
//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
   // Split words and phrases
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

   for($i = 0; $i < sizeof($words); $i++)
   {
      if (trim($words[$i]) != '')
      {
         $highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', phpbb_preg_quote($words[$i], '#'));
      }
   }
   unset($words);

   $highlight = urlencode($HTTP_GET_VARS['highlight']);
   $highlight_match = phpbb_rtrim($highlight_match, "\\");
}
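Review bot: The `phpbb_rtrim($highlight_match, "\\")` line at the end of the replacement is the security-relevant one, but it carries no comment and is not sufficient by itself. `htmlspecialchars()` is called without `ENT_QUOTES`, so single quotes in the `highlight` parameter pass through unencoded. The value only becomes safe for the quoted string built in the later `preg_replace` edit through the `addslashes()` added there, so both replacements in this post must be applied together. I would add a comment above the `phpbb_rtrim` line such as `// strip trailing backslashes: $highlight_match is embedded in a quoted pattern string that preg_replace evaluates with the e modifier`. `$highlight` is now the raw GET value passed through `urlencode()`, so it should only be emitted as a URL parameter value.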


#
# ---[ FIND ]---
#
      $shout = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $shout . '<'), 1, -1));


#
# ---[ REPLACE WITH ]---
#
      $shout = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $shout . '<'), 1, -1));
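Review bot: The replacement line still uses the `e` modifier, so request-derived text from `$highlight_match` is spliced into PHP source, and the fix rests entirely on `addslashes()` plus backslash-doubling matching the quoting context exactly. A `preg_replace_callback()` with the inner pattern built as an ordinary string removes the evaluation step altogether (the `e` modifier was deprecated in PHP 5.5 and removed in 7.0). It also makes the outer `str_replace('\"', '"', …)` unnecessary, since that call appears to exist only to undo the escaping `e` applies to backreferences. The added `@` operators hide warnings from a malformed pattern, which are worth logging as a sign of probing. The statement sits inside an enclosing block that is not shown, so the callback below has to be declared once at file scope.

```php
// … declared once at file scope, not inside the block that renders each shout …
function shout_highlight_segment($segment)
{
    global $shout_highlight_pattern, $shout_highlight_replacement;

    // $segment[0] is one ">text<" run between tags; nothing is evaluated as PHP
    return preg_replace($shout_highlight_pattern, $shout_highlight_replacement, $segment[0]);
}

// … unchanged: building $highlight_match from the request …
$shout_highlight_pattern = '#\b(' . $highlight_match . ')\b#i';
$shout_highlight_replacement = '<span style="color:#' . $theme['fontcolor3'] . '"><b>\\1</b></span>';

      $shout = substr(preg_replace_callback('#(\>(((?>([^><]+|(?R)))*)\<))#s', 'shout_highlight_segment', '>' . $shout . '<'), 1, -1);
```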


#
# ---[ SAVE/CLOSE ALL FILES ]---
#


