Page Index Toggle Pages: 1 ... 3 4 [5]  Send TopicPrint
Very Hot Topic (More than 25 Replies) Security Issue! (Read 20323 times)
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Re: Security Issue!
Reply #60 - Feb 5th, 2002 at 10:01pm
Print Post  
Oh I'd be interested in a fix but since it's not a security problem, it's not that important for me.
  

The Administrator.
Back to top
WWW  
IP Logged
 
Nexus
Guest


Re: Security Issue!
Reply #61 - Feb 10th, 2002 at 3:10am
Print Post  
What exactly does this security hole allow the hacker to do? ???

And how does it work?

I'm sorry if this is posted somewhere but I can't find it....

Thanks,

Nexus
  
Back to top
 
IP Logged
 
Souless
Guest


Re: Security Issue!
Reply #62 - Feb 10th, 2002 at 6:58am
Print Post  
ACK, I cant seem to get the fix to work, and now the borad pops up an error.

Heres what I did. Rather than go through the labor of installing the mod installer, I manualy cut and past the code from the mod installer file to the *.pl (in their respective places)

Now when I restarted my boards it comes up with this??
Code
Select All
String found where operator expected at ./Sources/YaBBC.pl line 88, near "]' => '" 



I have no idea what the code means and or how to fix that, what did I do wrong?
  
Back to top
 
IP Logged
 
Michael
God Member
*****
Offline


Recursion \Re*cur"sion\,
n. - See recursion.

Posts: 1003
Joined: Oct 23rd, 2001
Gender: Male
Re: Security Issue!
Reply #63 - Feb 10th, 2002 at 12:45pm
Print Post  
@nexus For info about the exploit, read this article: http://eyeonsecurity.net/advisories/css_in_yabb_and_ubb.html

@souless: Post the code that you put into YaBBC.pl. It sounds like you missed a semicolon or something.
  

~ Michael ~
-------------
The MikeCam
A truly wise man never plays leapfrog with a unicorn.
Back to top
IP Logged
 
Souless
Guest


Re: Security Issue!
Reply #64 - Feb 10th, 2002 at 4:46pm
Print Post  
Code
Select All
$char_160 = chr(160);
	$message =~ s~\[img\][\s*\t*\n*(&nbsp;)*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*(&nbsp;)*($char_160)*]*\[/img\]~<img src="http\:\/\/$2" alt="" border="0">~isg;
	$message =~ s~\[img width=(\d+) height=(\d+)\][\s*\t*\n*(&nbsp;)*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*(&nbsp;)*($char_160)*]*\[/img\]~restrictimage($1,$2,'http://'.$4)~eisg;
 



Thats what I have that I put in the code, its not like its difficult. But it still came up with that error. Thats directly from the *.mod instruction set that said "<searchfor>" thats what I looked for and deleted, then "<replace>" thats what I replaced it with.

Heck I cant even find the board mod progrma to install it if i wanted to. (probly right under my nose)

But I dont have any new mods installed on the forum other than what came with sp1, so i just took the install yabb.pl and put it back, but im still concerned about this security risk.
  
Back to top
 
IP Logged
 
Michael
God Member
*****
Offline


Recursion \Re*cur"sion\,
n. - See recursion.

Posts: 1003
Joined: Oct 23rd, 2001
Gender: Male
Re: Security Issue!
Reply #65 - Feb 11th, 2002 at 10:14am
Print Post  
Click on "downloads" and get BoardMod 2.5. If you haven't made any changes to the board, security fix should install just fine. I don't see anything wrong with the code at a glance, but who knows, you might've added an extra character or something by accident.
  

~ Michael ~
-------------
The MikeCam
A truly wise man never plays leapfrog with a unicorn.
Back to top
IP Logged
 
Souless
New Member
*
Offline


I love YaBB 1G - SP1!

Posts: 1
Joined: Feb 10th, 2002
Re: Security Issue!
Reply #66 - Feb 13th, 2002 at 7:48pm
Print Post  
Well I managed to just modify the files on my HD and upload them instead, works ok so far, thanks
  
Back to top
 
IP Logged
 
memobug
Full Member
***
Offline


I love Bonsai!

Posts: 135
Joined: Aug 30th, 2001
broken link
Reply #67 - Mar 19th, 2002 at 5:35pm
Print Post  
The title message in this thread

"Please download the security fix _here_"

Has a broken link now that YaBB has moved around.

Regards,

Matt
  
Back to top
WWW  
IP Logged
 
Tea-Master
Forum Administrator
*****
Offline



Posts: 1945
Location: north germany
Joined: Oct 21st, 2001
Gender: Male
Re: Security Issue!
Reply #68 - Mar 19th, 2002 at 6:26pm
Print Post  
YaBB and Boardmod Links changed to new server adresses.

Now you find yr request under http://boardmod.yabbforum.com/mods.php?searchfor=security_fix
  
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1 ... 3 4 [5] 
Send TopicPrint