Support Forum - Patch for new exploit
Carbonize - Sat Jan 22, 2005 2:11 pm
Post subject: Patch for new exploit
Ok firstly let me just say that a recently posted "exploit" on Security Focus claiming that peole could exploit the guestbook using the homepage field is incorrect as the guestbook already checks the submitted url.

Anyway whilst disproving this exploit I realised there is an exploit that would require only minor knowledge to perform so I am submitting this patch before anyone else publicises the exploit.

Open up lib/add.class.php. Find oth occurences of
Code:
$agent = getenv("HTTP_USER_AGENT");
and replace them with
Code:
$agent = htmlspecialchars(getenv("HTTP_USER_AGENT"));
Now you are patched.
Carbonize - Sat Jan 22, 2005 4:23 pm
Post subject:
pre-emptive *bump*
JTD - Sat Jan 22, 2005 4:24 pm
Post subject:
Applied patch guestbook working fine. Another good job by carbonize. Razz
Anonymous - Sat Jan 22, 2005 10:23 pm
Post subject:
Thanks Carbonize - patch inserted - so far, works fine.

I'll let you know if I experience any problems with it.
Carbonize - Sat Jan 22, 2005 11:05 pm
Post subject:
Well this is a 0 day exploit meaning that it has not been published anywhere else yet to my knowledge. It's not the easiest exploit to actually pull off but better safe than sorry.
Auron - Sat Jan 22, 2005 11:54 pm
Post subject:
*bump*
Carbonize - Sun Jan 23, 2005 12:01 am
Post subject:
OK I misread the exploit posted on the security focus site. With the discovery of these two exploits I am going to have to bring forward the release of Advanced Guestbook 2.4. It will not be that major an update but will patch several exploits, add Yahoo & MSN fields, add a third option to gender and some other midnor differences.
amber222 - Mon Jan 24, 2005 7:35 pm
Post subject:
*bump*
Anonymous - Wed Jan 26, 2005 5:04 pm
Post subject:
applyed patch now looking forward the the update 2.4