Icy Phoenix

     
 


Post new topic  This topic is locked: you cannot edit posts or make replies. 
Page 1 of 1
 
 
Reply with quote Download Post 
Post 058-010 - FIXED - Security Issue In MO Folder 
 
Hi all.

Today I've discovered that the MO mod could be potentially used to BRUTE FORCE passwords...

So I've applied a little patch to MO.

The same problem is in CHATBOX which is not part of XS, but since many of you may be interested in this mod... I'll attach here a working version for XS which has being secured against brute force attack. Remember that since this mod is not part of XS, we won't support it...

xs_chatbox_v3_1_0.zip
Description: Chatbox 3.1.0 Secured 
Download
Filename: xs_chatbox_v3_1_0.zip
Filesize: 38.01 KB
Downloaded: 386 Time(s)
058_010_xs_mo.zip
Description: 058-010 - MO 
Download
Filename: 058_010_xs_mo.zip
Filesize: 38.14 KB
Downloaded: 384 Time(s)

 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Edited by Mighty Gorgon, Sun 03 Sep, 2006 01:00: Chatbox Updated!
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Support us
 
Reply with quote Download Post 
Post Respuesta: 058-010 - FIXED - Security Issue In MO Folder 
 
Hello MG OK patches for XS Thanks  
 



 
MorphSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Respuesta: 058-010 - FIXED - Security Issue In MO Folder 
 
Yep... Thank U, man!!!

U R the 1
 




____________
Icy Phoenix Latest 2.0 (working pending)
Style: Aphrodite and MG_Themes
Site: Spanish Stephen King fan forum
Mods: Medal System Mod. BBAntispam 1.2. Several own BBcodes.
 
XusquiSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
I've upgraded the chatbox and installed on this site...

Enjoy it!


 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
hi

new chatbox must be installed with all the standard mod install (edit of file, etc)......or simply replace the files ?????
 



 
squeegieSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
if you have a chatbox installed
just replace the files
 




____________
*VOLVO CLUB*
 
difusSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
Isn't already installed in stansard installation of xs?????

I didn't install anything .........only xs....

I saw there's a block in block manager.......
 



 
squeegieSend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
http://www.icyphoenix.com/viewtopic.php?t=260
 




____________
*VOLVO CLUB*
 
difusSend private messageVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
I'm following instruction typed inside ChatBox Mod Install.txt file.

Ok for DB update using chatbox_db_install.php

OK upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.

But I can't edit the file index.php following the instruction because I have not found parts of codes in index.php.

For example :

Code: [Download] [Hide]
  1. #  
  2. #-----[ FIND ]---------------------------------------------  
  3. #  
  4. $template->assign_vars(array(  
  5.     'TOTAL_POSTS' => sprintf($l_total_post_s, $total_posts),  
  6.     'TOTAL_USERS' => sprintf($l_total_user_s, $total_users),  
  7.     'NEWEST_USER' => sprintf($lang['Newest_user'], '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$newest_uid") . '">', $newest_user, '</a>'),  
  8.  


I can't find these code lines ...

and so with the other code changing ...

Any suggest ?
 



 
LuckySend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
Those instructions are for subSilver... you can avoid templates modifications, since are not really needed for Chatbox to work.

Just add a link to the chat and that's it.
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
Ok, the following are my operations for the installing ...

1. DB update using chatbox_db_install.php

2. Upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.

3. Link to ./chatbox_mod/chatbox.php

My problems :

a. I can enter into the chat only if I'm logged before the link (from the portal page) but I have the chat page without the content, the bottom and the command line where I can type messages.

b. otherwise if I go to the link ./chatbox_mod/chatbox.php and I'm not logged, the chatbox ask me the username and password on a new page with on the bottom the following error message :

Quote:

Fatal error: Call to undefined function: rewrite_urls() in /home/mhd-01/www.vivicentro.org/htdocs/includes/page_tail.php on line 133


... and it doesn't work because if I type my username and password, it reply with a blank page and the following text :

Quote:

No input file specified.

 



 
LuckySend private message  
Back to topPage bottom
Reply with quote Download Post 
Post Re: 058-010 - FIXED - Security Issue In MO Folder 
 
I don't use the chatbox_login.php page...

Just add this link only for logged in users:
Code: [Download] [Hide]
  1.                     <!-- BEGIN switch_user_logged_in -->  
  2.                     <tr>  
  3.                         <td align="left" width="8">{IMG_ARROW_RIGHT}</td>  
  4.                         <td class="genmed" align="left"><a href="javascript:void(0);" onClick="window.open('chatbox_mod/chatbox.php','_chatbox','resizable=yes,scrollbars=yes,width=600,height=460')">Chat</a></td>  
  5.                     </tr>  
  6.                     <!-- END switch_user_logged_in --> 


And remember that I won't support this mod... I've just fixed a couple of securities in it... and I wanted to share it with users which may have this on their site!
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Post new topic  This topic is locked: you cannot edit posts or make replies.  Page 1 of 1
 


Display posts from previous:    

HideWas this topic useful?

Link this topic
URL
BBCode
HTML




 
Permissions List
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events


  

 

  cron