Home •  Forum •  FAQ •  Search •  Recent Topics •  Memberlist •  Register •  Log in 
Forum » Icy Phoenix Support » Older Versions Archive » Old Bugs

FIXED delete_users.php fix

Reply to topic

 

xeno3dx
Quote
Posts: 1
Wed 03 Jan, 2007 19:19
Subject: delete_users.php fix
Ciao a tutti io non cnosco l' inglese e quindi posto in italiano.

Ecco come eliminare un Admin, Moderatore, User, di una phpBB XS 2
la pagina delete_users.php non richiede conferma, quindi noi
possiamo eliminare un utente a nostra scelta, che sia admin, mod, o altro
è lo stesso.

Mettiamo caso che vogliamo eliminare l'admin di quel forum phpbbxs2
allora ci precipitiamo sulla memberlist.php dove cliccando con il tasto destro del mouse
troviamo l'id dell'utente che sarà quasi di sicuro il 2


h**p://Sito_Vittima.com/Forum/delet...r_id&del_user=2

Adesso camuffiamo con il bbcode l'url
e spediamo un PM all'admin..


h**p://belleragazze.it

Appena l'admin accede alla pagina si torverà eliminato dal forum, e quindi non potrà
più accedere..

( Ricordo che per eliminare un moderatore o un utente il link deve essere
spedito sempre all'admin del forum, perchè l'unico ad avere tali permessi )

Questo sarebbe l' attacco... cerchiamo di avvisare piu persone possibile

Profile PM
Vortex
Quote
Posts: 412 Location: Prato, Italy
Wed 03 Jan, 2007 21:50
Subject: Re: Bugs Phpbbxs 2
Traduco per gli altri.


Didn't check if this is true, I'm italian and just translate for you ;)




xeno3dx wrote: [View Post]
Hi everyone I can't speak english and I post it in italian.

Here's how to delete a phpBBXS 2 Admin, Moderator, User.
page delete_users.php doesn't ask for any confirmatino, so we are able to delete a user, even if he is admin or mod, doesn't matter his level

Let's image we want to delete the admin of a specified phpbbxs2 board
we go to memberlist.php and with right clic we can find the user id, which is almost "2" for admins

Then we prepare a PM in which we put a link like this:

http://Victim_site.com/Forum/delete...r_id&del_user=2


Than we can hide the link with bbcode http://sexygirls.com


As soon as the admin reaches the page he will be deleted from the board.

(It works only with admins, no other user has permissions to delete users)

This is an easy way to attack a site... try to warn the more people you can

Profile PM   Website MSN Skype
buldo
Quote
Posts: 474 Location: Borgo San Michele
Thu 04 Jan, 2007 00:44
Subject: Re: Bugs Phpbbxs 2
This is not properly a "bug", but it's VERY IMPORTANT to keep it in mind: admins just check the browser's status bar to be sure that the link they are clicking on is "correct". :roll:

Thanks for reporting.

Ciao,

Profile PM   Website
TheSteffen
Quote
Posts: 1625 Location: Magdeburg
Thu 04 Jan, 2007 09:45
Subject: Re: Bugs Phpbbxs 2
Is there no warning before deleting admin like "Do you really want to delete..." ?

I don't want to test it :-)

Profile PM  
z3d0
Quote
Posts: 81 Location: TOPICS_TABLE
Thu 04 Jan, 2007 12:43
Subject: Re: Bugs Phpbbxs 2
MG has already fixed this bug in area69

Patch:

OPEN delete_users.php

FIND

Code: [Download] [Hide]
  1. $del_user = ( isset($_POST['del_user']) ) ? intval($_POST['del_user']) : (( isset($_GET['del_user']) ) ? intval($_GET['del_user']):'');  
  2. $mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : ( ( isset($_GET['mode']) ) ? $_GET['mode']:'');  
  3. $days = ( isset($_POST['days']) ) ? intval($_POST['days']) : (( isset($_GET['days']) ) ? intval($_GET['days']):''); 


AFTER ADD

Code: [Download] [Hide]
  1. if(!isset($_POST['confirm']))  
  2. {  
  3. $page_title = $lang['Home'];  
  4. include($phpbb_root_path . 'includes/page_header.' . $phpEx);  
  5.  
  6. $s_hidden_fields = '';  
  7. $s_hidden_fields .= '<input type="hidden" name="del_user" value="' . $del_user . '" />';  
  8. $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';  
  9. $s_hidden_fields .= '<input type="hidden" name="days" value="' . $days . '" />';  
  10.  
  11. // Set template files  
  12. $template->set_filenames(array('confirm' => 'confirm_body.tpl'));  
  13.  
  14. $template->assign_vars(array(  
  15. 'MESSAGE_TITLE' => $lang['Confirm'],  
  16. 'MESSAGE_TEXT' => $lang['Confirm_delete_item'],  
  17.  
  18. 'L_YES' => $lang['Yes'],  
  19. 'L_NO' => $lang['No'],  
  20.  
  21. 'S_CONFIRM_ACTION' => append_sid('delete_users.' . $phpEx),  
  22. 'S_HIDDEN_FIELDS' => $s_hidden_fields  
  23. )  
  24. );  
  25. $template->pparse('confirm');  
  26. include($phpbb_root_path . 'includes/page_tail.' . $phpEx);  
  27. exit();  


:wink:

Profile PM   Website
buldo
Quote
Posts: 474 Location: Borgo San Michele
Thu 04 Jan, 2007 12:49
Subject: Re: Bugs Phpbbxs 2
Many thanks. z3do! :mrblue:

Profile PM   Website
Vortex
Quote
Posts: 412 Location: Prato, Italy
Thu 04 Jan, 2007 16:19
Subject: Re: Bugs Phpbbxs 2
z3d0 wrote: [View Post]
MG has already fixed this bug in area69

Patch:

OPEN delete_users.php

FIND

Code: [Download] [Hide]
  1. $del_user = ( isset($_POST['del_user']) ) ? intval($_POST['del_user']) : (( isset($_GET['del_user']) ) ? intval($_GET['del_user']):'');  
  2. $mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : ( ( isset($_GET['mode']) ) ? $_GET['mode']:'');  
  3. $days = ( isset($_POST['days']) ) ? intval($_POST['days']) : (( isset($_GET['days']) ) ? intval($_GET['days']):''); 


AFTER ADD

Code: [Download] [Hide]
  1. if(!isset($_POST['confirm']))  
  2. {  
  3. $page_title = $lang['Home'];  
  4. include($phpbb_root_path . 'includes/page_header.' . $phpEx);  
  5.  
  6. $s_hidden_fields = '';  
  7. $s_hidden_fields .= '<input type="hidden" name="del_user" value="' . $del_user . '" />';  
  8. $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';  
  9. $s_hidden_fields .= '<input type="hidden" name="days" value="' . $days . '" />';  
  10.  
  11. // Set template files  
  12. $template->set_filenames(array('confirm' => 'confirm_body.tpl'));  
  13.  
  14. $template->assign_vars(array(  
  15. 'MESSAGE_TITLE' => $lang['Confirm'],  
  16. 'MESSAGE_TEXT' => $lang['Confirm_delete_item'],  
  17.  
  18. 'L_YES' => $lang['Yes'],  
  19. 'L_NO' => $lang['No'],  
  20.  
  21. 'S_CONFIRM_ACTION' => append_sid('delete_users.' . $phpEx),  
  22. 'S_HIDDEN_FIELDS' => $s_hidden_fields  
  23. )  
  24. );  
  25. $template->pparse('confirm');  
  26. include($phpbb_root_path . 'includes/page_tail.' . $phpEx);  
  27. exit();  


:wink:




I will apply it 'cause I trust phpBBXS.eu :D but I can't read php code... what does it exactly do?

Profile PM   Website MSN Skype
z3d0
Quote
Posts: 81 Location: TOPICS_TABLE
Thu 04 Jan, 2007 16:53
Subject: Re: Bugs Phpbbxs 2
it adds a confirmation question before deleting users

Profile PM   Website
Vortex
Quote
Posts: 412 Location: Prato, Italy
Thu 04 Jan, 2007 16:56
Subject: Re: Bugs Phpbbxs 2
z3d0 wrote: [View Post]
it adds a confirmation question before deleting users



Woah tricky... :mrgreen:


Thanks ;)

Profile PM   Website MSN Skype
TheSteffen
Quote
Posts: 1625 Location: Magdeburg
Thu 04 Jan, 2007 22:41
Subject: Re: delete_users.php fix
Great, so we wil wait till area69 beta.

Thanks a lot.;-)

Profile PM  
Mighty Gorgon
Quote
Posts: 7192 Location: Borgo San Michele
Sun 07 Jan, 2007 02:47
Subject: Re: FIXED -delete_users.php fix
Thanks z3d0, for posting my fix. :wink:

Profile PM   Website
Reply to topic
 

Page 1 of 1


  
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events

   

This is a "Lo-Fi" version of our main content. To view the full version with more information, formatting and images, please click here.

Powered by Icy Phoenix based on phpBB
Generation Time: 0.1701s (PHP: 12% SQL: 88%)
SQL queries: 11 - Debug Off - GZIP Enabled