058-010 - FIXED - Security Issue In MO Folder »  Show posts from    to     

Icy Phoenix


Old Patches - 058-010 - FIXED - Security Issue In MO Folder



Mighty Gorgon [ Sat 02 Sep, 2006 22:35 ]
Post subject: 058-010 - FIXED - Security Issue In MO Folder
Hi all.

Today I've discovered that the MO mod could be potentially used to BRUTE FORCE passwords... :roll:

So I've applied a little patch to MO.

The same problem is in CHATBOX which is not part of XS, but since many of you may be interested in this mod... I'll attach here a working version for XS which has being secured against brute force attack. Remember that since this mod is not part of XS, we won't support it... :wink:


Morph [ Sun 03 Sep, 2006 00:12 ]
Post subject: Respuesta: 058-010 - FIXED - Security Issue In MO Folder
Hello MG OK patches for XS Thanks :nurse:


Xusqui [ Sun 03 Sep, 2006 00:54 ]
Post subject: Respuesta: 058-010 - FIXED - Security Issue In MO Folder
Yep... Thank U, man!!!

U R the 1


Mighty Gorgon [ Sun 03 Sep, 2006 01:01 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
I've upgraded the chatbox and installed on this site... :wink:

Enjoy it!

:lol_flag:


squeegie [ Sun 03 Sep, 2006 10:51 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
hi

new chatbox must be installed with all the standard mod install (edit of file, etc)......or simply replace the files ?????


difus [ Sun 03 Sep, 2006 12:31 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
if you have a chatbox installed
just replace the files


squeegie [ Sun 03 Sep, 2006 12:58 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
Isn't already installed in stansard installation of xs?????

I didn't install anything .........only xs....

I saw there's a block in block manager.......


difus [ Sun 03 Sep, 2006 13:06 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
http://www.icyphoenix.com/viewtopic.php?t=260


Lucky [ Sun 03 Sep, 2006 22:17 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
I'm following instruction typed inside ChatBox Mod Install.txt file.

Ok for DB update using chatbox_db_install.php

OK upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.

But I can't edit the file index.php following the instruction because I have not found parts of codes in index.php.

For example :

Code: [Hide]
  1. #  
  2. #-----[ FIND ]---------------------------------------------  
  3. #  
  4. $template->assign_vars(array(  
  5. 'TOTAL_POSTS' => sprintf($l_total_post_s, $total_posts),  
  6. 'TOTAL_USERS' => sprintf($l_total_user_s, $total_users),  
  7. 'NEWEST_USER' => sprintf($lang['Newest_user'], '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$newest_uid") . '">', $newest_user, '</a>'),  
  8.  


I can't find these code lines ...

and so with the other code changing ...

Any suggest ?


Mighty Gorgon [ Mon 04 Sep, 2006 11:46 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
Those instructions are for subSilver... you can avoid templates modifications, since are not really needed for Chatbox to work.

Just add a link to the chat and that's it.


Lucky [ Mon 04 Sep, 2006 15:15 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
Ok, the following are my operations for the installing ...

1. DB update using chatbox_db_install.php

2. Upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.

3. Link to ./chatbox_mod/chatbox.php

My problems :

a. I can enter into the chat only if I'm logged before the link (from the portal page) but I have the chat page without the content, the bottom and the command line where I can type messages.

b. otherwise if I go to the link ./chatbox_mod/chatbox.php and I'm not logged, the chatbox ask me the username and password on a new page with on the bottom the following error message :

Quote:

Fatal error: Call to undefined function: rewrite_urls() in /home/mhd-01/www.vivicentro.org/htdocs/includes/page_tail.php on line 133


... and it doesn't work because if I type my username and password, it reply with a blank page and the following text :

Quote:

No input file specified.


Mighty Gorgon [ Wed 06 Sep, 2006 13:06 ]
Post subject: Re: 058-010 - FIXED - Security Issue In MO Folder
I don't use the chatbox_login.php page...

Just add this link only for logged in users:
Code: [Hide]
  1. <!-- BEGIN switch_user_logged_in -->  
  2. <tr>  
  3. <td align="left" width="8">{IMG_ARROW_RIGHT}</td>  
  4. <td class="genmed" align="left"><a href="javascript:void(0);" onClick="window.open('chatbox_mod/chatbox.php','_chatbox','resizable=yes,scrollbars=yes,width=600,height=460')">Chat</a></td>  
  5. </tr>  
  6. <!-- END switch_user_logged_in --> 


And remember that I won't support this mod... I've just fixed a couple of securities in it... and I wanted to share it with users which may have this on their site! :wink:




Powered by Icy Phoenix