
Icy Phoenix


Old Bugs - delete_users.php fix



xeno3dx [ Wed 03 Jan, 2007 19:19 ]
Post subject: delete_users.php fix
Hi everyone, I don't know English, so I'm posting in Italian.

Here is how to delete an Admin, Moderator or User of a phpBB XS 2 board:
the page delete_users.php does not ask for confirmation, so we
can delete a user of our choice, whether admin, mod or other,
it makes no difference.

Suppose we want to delete the admin of that phpbbxs2 forum.
We rush to memberlist.php where, right-clicking with the mouse,
we find the user's id, which will almost certainly be 2.


http://Sito_Vittima.com/Forum/delet...r_id&del_user=2

Now we disguise the URL with bbcode
and send a PM to the admin..


http://belleragazze.it

As soon as the admin opens the page he will find himself deleted from the forum, and so will
no longer be able to log in..

( Remember that to delete a moderator or a user the link must always be
sent to the forum admin, because he is the only one with those permissions )

This would be the attack... let's try to warn as many people as possible


Vortex [ Wed 03 Jan, 2007 21:50 ]
Post subject: Re: Bugs Phpbbxs 2
Translating for the others.


Didn't check if this is true, I'm Italian and just translate for you ;)




xeno3dx wrote:
Hi everyone I can't speak english and I post it in italian.

Here's how to delete a phpbbxs 2 Admin, Moderator, User.
page delete_users.php doesn't ask for any confirmation, so we are able to delete a user, even if he is admin or mod, his level doesn't matter

Let's imagine we want to delete the admin of a specified phpbbxs2 board:
we go to memberlist.php and with a right click we can find the user id, which is almost always "2" for admins

Then we prepare a pm in which we put a link like this:

http://Victim_site.com/Forum/delete...r_id&del_user=2


Then we can hide the link with bbcode http://sexygirls.com


As soon as the admin reaches the page he will be deleted from the board.

(It works only with admins, no other user has permissions to delete users)

This is an easy way to attack a site... try to warn as many people as you can


buldo [ Thu 04 Jan, 2007 00:44 ]
Post subject: Re: Bugs Phpbbxs 2
This is not properly a "bug", but it's VERY IMPORTANT to keep it in mind: admins just check the browser's status bar to be sure that the link they are clicking on is "correct". :roll:

Thanks for reporting.

Ciao,


TheSteffen [ Thu 04 Jan, 2007 09:45 ]
Post subject: Re: Bugs Phpbbxs 2
Is there no warning before deleting admin like "Do you really want to delete..." ?

I don't want to test it :-)


z3d0 [ Thu 04 Jan, 2007 12:43 ]
Post subject: Re: Bugs Phpbbxs 2
MG has already fixed this bug in area69

Patch:

OPEN delete_users.php

FIND

Code:
  $del_user = ( isset($_POST['del_user']) ) ? intval($_POST['del_user']) : (( isset($_GET['del_user']) ) ? intval($_GET['del_user']):'');
  $mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : ( ( isset($_GET['mode']) ) ? $_GET['mode']:'');
  $days = ( isset($_POST['days']) ) ? intval($_POST['days']) : (( isset($_GET['days']) ) ? intval($_GET['days']):'');


AFTER ADD

Code:
  // Show a Yes/No confirmation page unless the form has already been
  // confirmed via POST; a bare link (GET) never reaches the deletion code.
  if(!isset($_POST['confirm']))
  {
      $page_title = $lang['Home'];
      include($phpbb_root_path . 'includes/page_header.' . $phpEx);

      // Carry the request parameters into the confirmation form
      $s_hidden_fields = '';
      $s_hidden_fields .= '<input type="hidden" name="del_user" value="' . $del_user . '" />';
      $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
      $s_hidden_fields .= '<input type="hidden" name="days" value="' . $days . '" />';

      // Set template files
      $template->set_filenames(array('confirm' => 'confirm_body.tpl'));

      $template->assign_vars(array(
          'MESSAGE_TITLE' => $lang['Confirm'],
          'MESSAGE_TEXT' => $lang['Confirm_delete_item'],

          'L_YES' => $lang['Yes'],
          'L_NO' => $lang['No'],

          'S_CONFIRM_ACTION' => append_sid('delete_users.' . $phpEx),
          'S_HIDDEN_FIELDS' => $s_hidden_fields
          )
      );
      $template->pparse('confirm');
      include($phpbb_root_path . 'includes/page_tail.' . $phpEx);
      exit();
  }


:wink:
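The patch above works because the deletion now runs only after a POST from the confirmation form, so a link opened from a PM (a GET) can no longer trigger it. As an added example that is not part of this thread or of the phpBB XS / Icy Phoenix code, here is a stand-alone two-step handler in the same style that additionally binds the confirmation to a per-session token, so the delete is accepted only from a form this session rendered; the names csrf_token, csrf_valid and delete_user_by_id are assumed.

```php
<?php
// Added example, not the phpBB XS / Icy Phoenix code: a stand-alone
// two-step delete handler in the style of the patch above, with the
// confirmation bound to a per-session token. Function names are assumed.
session_start();

function csrf_token(): string
{
    // One random token per session; bin2hex keeps it HTML/URL safe.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_valid($submitted): bool
{
    // hash_equals compares in constant time; a missing token never validates.
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['confirm'])) {
    // Step 1: any GET (e.g. a link in a PM) only ever reaches this form.
    $uid   = intval($_REQUEST['del_user'] ?? 0);
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="delete_users.php">'
       . '<p>Really delete user #' . $uid . '?</p>'
       . '<input type="hidden" name="del_user" value="' . $uid . '" />'
       . '<input type="hidden" name="csrf_token" value="' . $token . '" />'
       . '<input type="submit" name="confirm" value="Yes" />'
       . '</form>';
    exit;
}

// Step 2: a confirmed POST must carry this session's own token.
if (!csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid or missing confirmation token.');
}

$del_user = intval($_POST['del_user'] ?? 0);
if ($del_user <= 0) { http_response_code(400); exit('No user selected.'); }

// Only now call the real deletion routine (assumed name, defined elsewhere).
delete_user_by_id($del_user);
echo 'User #' . $del_user . ' deleted.';
```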


buldo [ Thu 04 Jan, 2007 12:49 ]
Post subject: Re: Bugs Phpbbxs 2
Many thanks, z3d0! :mrblue:


Vortex [ Thu 04 Jan, 2007 16:19 ]
Post subject: Re: Bugs Phpbbxs 2
z3d0 wrote:
MG has already fixed this bug in area69

Patch:

OPEN delete_users.php

FIND

Code:
  $del_user = ( isset($_POST['del_user']) ) ? intval($_POST['del_user']) : (( isset($_GET['del_user']) ) ? intval($_GET['del_user']):'');
  $mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : ( ( isset($_GET['mode']) ) ? $_GET['mode']:'');
  $days = ( isset($_POST['days']) ) ? intval($_POST['days']) : (( isset($_GET['days']) ) ? intval($_GET['days']):'');


AFTER ADD

Code:
  // Show a Yes/No confirmation page unless the form has already been
  // confirmed via POST; a bare link (GET) never reaches the deletion code.
  if(!isset($_POST['confirm']))
  {
      $page_title = $lang['Home'];
      include($phpbb_root_path . 'includes/page_header.' . $phpEx);

      // Carry the request parameters into the confirmation form
      $s_hidden_fields = '';
      $s_hidden_fields .= '<input type="hidden" name="del_user" value="' . $del_user . '" />';
      $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
      $s_hidden_fields .= '<input type="hidden" name="days" value="' . $days . '" />';

      // Set template files
      $template->set_filenames(array('confirm' => 'confirm_body.tpl'));

      $template->assign_vars(array(
          'MESSAGE_TITLE' => $lang['Confirm'],
          'MESSAGE_TEXT' => $lang['Confirm_delete_item'],

          'L_YES' => $lang['Yes'],
          'L_NO' => $lang['No'],

          'S_CONFIRM_ACTION' => append_sid('delete_users.' . $phpEx),
          'S_HIDDEN_FIELDS' => $s_hidden_fields
          )
      );
      $template->pparse('confirm');
      include($phpbb_root_path . 'includes/page_tail.' . $phpEx);
      exit();
  }


:wink:




I will apply it 'cause I trust phpbbxs.eu :D but I can't read php code... what does it exactly do?


z3d0 [ Thu 04 Jan, 2007 16:53 ]
Post subject: Re: Bugs Phpbbxs 2
it adds a confirmation question before deleting users


Vortex [ Thu 04 Jan, 2007 16:56 ]
Post subject: Re: Bugs Phpbbxs 2
z3d0 wrote: [View Post]
it adds a confirmation question before deleting users



Woah tricky... :mrgreen:


Thanks ;)


TheSteffen [ Thu 04 Jan, 2007 22:41 ]
Post subject: Re: delete_users.php fix
Great, so we will wait till area69 beta.

Thanks a lot. ;-)


Mighty Gorgon [ Sun 07 Jan, 2007 02:47 ]
Post subject: Re: FIXED - delete_users.php fix
Thanks z3d0, for posting my fix. :wink:



