Very Hot Topic (More than 25 Replies) Security Issue! (Read 20325 times)
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Security Issue!
Jan 13th, 2002 at 3:27am
We've got a serious security issue for YaBB 1 Gold - SP1 and all lower YaBB versions. Please download the security fix here!

[EDIT] v1.1 released
[EDIT] v1.2 released
[EDIT] v1.3 released
[EDIT] v1.4 released for custom images
« Last Edit: Jan 16th, 2002 at 2:00am by Administrator »  

The Administrator.
Shoeb Omar
God Member
*****
Offline


Mod Writer

Posts: 5665
Location: San Diego
Joined: Jun 29th, 2001
Gender: Male
Re: Security Issue!
Reply #1 - Jan 13th, 2002 at 3:33am
good job xxl!
u better post this on yabb.xnull also though...
  

YaBB SP2 BETA!
Now taking pay jobs in PHP or Perl.  Contact me for details.
Tea-Master
Forum Administrator
*****
Offline



Posts: 1945
Location: north germany
Joined: Oct 21st, 2001
Gender: Male
Re: Security Issue!
Reply #2 - Jan 13th, 2002 at 4:24am
THX [CV]XXL for this very important mod!

But I only want to add, for anyone who's interested, which security hole it fixes:
Read this discussion and look here, too
  
ironwing
God Member
*****
Offline


I love YaBB 1 Gold!

Posts: 2330
Location: Sonoran Desert
Joined: Nov 20th, 2001
Re: Security Issue!
Reply #3 - Jan 13th, 2002 at 5:13am
[CV]XXL,

For Gold Release, the code that needs to be changed is in the DoUBBC subroutine in Subs.pl, not YaBBC.pl, I think.  I know there is no YaBBC.pl for Gold - Release.

Dan
  

Please include your forum address in all requests for assistance.  It greatly speeds things along.
Tea-Master
Re: Security Issue!
Reply #4 - Jan 13th, 2002 at 6:42am
@ironwing
oh, good that you say that, because you're right, and in Gold Release and lower there is another way to execute the javascript...

it's in printpage.cgi!

you must change this file too!

I think the following is to be changed:
Code:
      $threadpost =~ s~\[img\](.+?)\[/img\]~$1~isg;
      $threadpost =~ s~\[img width=(\d+) height=(\d+)\](.+?)\[/img\]~$3~eisg;
 


to
Code:
      if($threadpost =~ m~\[img\]\n?(.+?)\n?\[/img\]~gi) {
            if($1 !~ m~\bhttp\://~gi) { $tmp = $1; $threadpost =~ s~\[img\]\n?(.+?)\n?\[/img\]~[img\]http\://$tmp\[/img\]~isg; }
            $threadpost =~ s~\[img\]\n?(.+?)\n?\[/img\]~<img src="$1">~isg;
      }
      if($threadpost =~ m~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~gi) {
            if($3 !~ m~\bhttp\://~gi) { $tmp = $3; $threadpost =~ s~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~[img width=$1 height=$2\]http\://$tmp\[/img\]~isg; }
            $threadpost =~ s~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~restrictimage($1,$2,$3)~eisg;
      }

 




Greetings
T-Master

edit
oh - I just saw that there's a printpage.pl in SP1 too!
[CV]XXL you should change the code there too!!!

edit2
hm... it seems that the problem with printpage.cgi/.pl exists only with my YaBB Gold - in SP1 the page displays in another way. It could be that the problem doesn't exist with SP1, but you should check this...

BtW: the board at yabb.xnull.com destroys the [img] tag and puts spaces in it (ex: [ img] ). I think that's a better idea than automatically adding "http://"  Wink
  
Administrator
Re: Security Issue!
Reply #5 - Jan 13th, 2002 at 7:45am
alright I'll fix the mod. This thing with the space is not very good because there is an easy workaround which doesn't work when using http:// Wink
  

The Administrator.
Shoeb Omar
Re: Security Issue!
Reply #6 - Jan 13th, 2002 at 8:34am
wouldn't an easy, if not slightly crappy, way to fix be to replace all occurrences of javascript in the message with "jawasript"?
this would be a minor annoyance but a lot easier to code and use Smiley
  

YaBB SP2 BETA!
Now taking pay jobs in PHP or Perl.  Contact me for details.
DaGuy
New Member
*
Offline


DaGuy, k?

Posts: 5
Joined: Jan 13th, 2002
Re: Security Issue!
Reply #7 - Jan 13th, 2002 at 9:07am

Shoeb Omar wrote on Jan 13th, 2002 at 8:34am:
wouldn't an easy, if not slightly crappy, way to fix be to replace all occurrences of javascript in the message with "jawasript"?
this would be a minor annoyance but a lot easier to code and use Smiley


Unless the hackers find out you did that.
  

DaGuy, cant spel so he r makin up his own werds bc he r smert
Shoeb Omar
Re: Security Issue!
Reply #8 - Jan 13th, 2002 at 9:13am
wouldn't make a difference
  

YaBB SP2 BETA!
Now taking pay jobs in PHP or Perl.  Contact me for details.
DaGuy
Re: Security Issue!
Reply #9 - Jan 13th, 2002 at 9:16am

Shoeb Omar wrote on Jan 13th, 2002 at 9:13am:
wouldn't make a difference


k, every time I try to upload a mod my board goes down and I have to get another admin to fix it so I don't know much about the topic x_x
  

DaGuy, cant spel so he r makin up his own werds bc he r smert
Administrator
Re: Security Issue!
Reply #10 - Jan 13th, 2002 at 9:37am
Shoeb Omar wrote on Jan 13th, 2002 at 8:34am:
wouldn't an easy, if not slightly crappy, way to fix be to replace all occurrences of javascript in the message with "jawasript"?
this would be a minor annoyance but a lot easier to code and use Smiley

No, the problem is that it is not possible to detect whether the source contains "javascript" or not. The problem is that instead of "javascript" someone can write "javascr&#105;pt" (note the ASCII char). Instead of replacing the "i" you could replace any, or even multiple. There are so many combinations that detection of the word "javascript" is almost impossible. So the only way is to make any occurrence of it useless by putting http://
As I said above, I don't see any other way to fix it more easily.
  

The Administrator.
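
The point made in the reply above, as an added example that is not part of the thread and is not YaBB's or the mod's code: a check for the word "javascript" lets the entity-encoded form through, while putting http:// in front of any [img] URL that does not already start with it leaves nothing for the browser to run. The sub names and sample posts are assumptions made for illustration.

```perl
use strict;
use warnings;

# Check suggested in the thread: refuse text containing the word "javascript".
sub blacklist_allows {
    my ($text) = @_;
    return $text =~ /javascript/i ? 0 : 1;
}

# Escape a value before it goes inside a double-quoted HTML attribute.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Render one [img] URL. The test is anchored at the start of this tag's own
# URL; anything that does not begin with http:// or https:// gets http://
# put in front, which is the approach the fix in this thread takes.
sub render_one_img {
    my ($url) = @_;
    $url = "http://$url" unless $url =~ m~\Ahttps?://~i;
    # Leave the tag as inert text if the URL could close the attribute or tag.
    return '[img]' . html_escape($url) . '[/img]' if $url =~ /[\s"'<>]/;
    return '<img src="' . html_escape($url) . '" alt="">';
}

# /e calls render_one_img once per tag, so each tag is judged on its own URL.
sub render_img_tags {
    my ($post) = @_;
    $post =~ s~\[img\]\s*(.+?)\s*\[/img\]~render_one_img($1)~egis;
    return $post;
}

# Constructed sample posts; the second uses the encoding quoted in the thread.
my @posts = (
    '[img]http://example.com/a.gif[/img]',
    '[img]javascr&#105;pt:alert(1)[/img]',
    '[img]example.com/b.gif[/img] and [img]http://example.com/c.gif[/img]',
);
for my $post (@posts) {
    printf "word check passes: %d\n  rendered: %s\n",
        blacklist_allows($post), render_img_tags($post);
}
```

The second sample passes the word check, yet it is rendered with an http:// source and an escaped ampersand, so the browser only sees a broken image URL.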
itswheelie
Senior Member
****
Offline


I love YaBB 1 Gold!

Posts: 445
Joined: May 30th, 2001
Re: Security Issue!
Reply #11 - Jan 13th, 2002 at 1:23pm
the good news is that it does work.  a friend of mine had no problem hacking my board using the security leak.  this fix stopped him dead in his tracks Smiley
  
memobug
Full Member
***
Offline


I love Bonsai!

Posts: 135
Joined: Aug 30th, 2001
Re: Security Issue!
Reply #12 - Jan 13th, 2002 at 5:48pm
After installing the fix on a YaBB1 Gold - Release board, I am getting broken images showing within messages with embedded IMG tags  when I click review "10 recent posts" but no problems with embedded images in search or view users 10 posts or look at the message itself.

Since the messages display ok.  I'll try an image here assuming the patch has been installed, but I don't know for sure.

Test image - hope I can review it before 10 posts are made.  Will report back after.
« Last Edit: Jan 13th, 2002 at 8:40pm by Administrator »  
memobug
Re: Security Issue!
Reply #13 - Jan 13th, 2002 at 6:19pm
The result: I can't tell if it's a problem here because it appears that someone turned off JPEG image display tonight.  At least the UBB link above at this moment is not being translated to a link.

The broken images in my forum show up only in "?action=recent" view, and the broken image has this for properties:

h ttp://<a%20href=/

I'm going to try another image url because it's either been turned off or I'm going batty.  Maybe both:



nope it's turned off.  Previews okay, then UBB disappears at post time. Tongue
« Last Edit: Jan 13th, 2002 at 8:55pm by Administrator »  
Administrator
Re: Security Issue!
Reply #14 - Jan 13th, 2002 at 8:42pm
there was a break between ".j" & "peg", I fixed it in your post Wink
the prob with the image in the post above is caused by the autolink feature, don't ask me why... the image works fine in my testpost...
  

The Administrator.