| Author | Message |
deltaray
Title: Fix for players-detail.php SQL Vulnerability
Posted on: 15.07.2008, 16:20
Sitemast0r
Joined: 22 Oct 2005
Posts: 12322
Location: Terra - SOL System
A few moments ago this was brought to my attention. A mistake in the validation code of the input parameters in the file players-detail.php made an SQL Injection bug possible.
Details about this security flaw can be found here:
http://www.securityfocus.com/bid/30212/info
(DO NOT USE THE FIX RECOMMENDED IN THE EXPLOIT THERE, IT WILL BREAK THE FUNCTIONALITY OF HALF OF THE PLAYER DETAILS)
Affected versions are:
UltraStats 0.2.136
UltraStats 0.2.140
UltraStats 0.2.142
In order to fix this issue manually please process these steps, or replace your players-detail.php with the attached one here. Please spread this information to all admins you know who use UltraStats.
1. Open players-detail.php and search for:
Code:
is_numeric($content['playerguid']) &&
( $content['playerguid'] > 4294967296 && $content['playerguid'] <= 0 )
2. Replace with this code:
Code:
!is_numeric($content['playerguid'])
||
( $content['playerguid'] > 4294967296 && $content['playerguid'] <= 0 )
ATTENTION: I will update the UltraStats setup to a newer version in the next few days, as a few other things will be fixed along with this release.
Description: Fixed Exploit from: http://www.securityfocus.com/bid/30212/exploit
Download
Filename: players-detail-FIXED.rar
File size: 4.72 KB
Downloaded: 272 times
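
An added example (not part of the original post and not UltraStats code) that evaluates the condition from step 1, the condition from step 2, and a stricter digits-only check over constructed inputs. No number is both greater than 4294967296 and at most 0, so the range clause is never true: the old condition rejected nothing, and the new one reduces to `!is_numeric()`. The function names and the digits-only rule are assumptions; the page does not state the GUID format.

```php
<?php
// Added example, not UltraStats code; function names are hypothetical.
// Each function returns true when the request should be rejected.

// Condition quoted in step 1 (before the fix).
function rejects_before(string $guid): bool
{
    return is_numeric($guid)
        && ($guid > 4294967296 && $guid <= 0);
}

// Condition quoted in step 2 (after the fix).
function rejects_after(string $guid): bool
{
    return !is_numeric($guid)
        || ($guid > 4294967296 && $guid <= 0);
}

// Stricter variant (assumption: GUIDs are plain decimal digit strings).
// is_numeric() also accepts signs, exponents and leading whitespace.
function rejects_strict(string $guid): bool
{
    return preg_match('/\A[0-9]+\z/', $guid) !== 1;
}

// Constructed sample values for the playerguid parameter.
$samples = ['1234567890', '0', '-5', '1e3', ' 42', '', '12345 OR 1=1'];

printf("%-18s %-7s %-7s %s\n", 'playerguid', 'before', 'after', 'strict');
foreach ($samples as $guid) {
    printf(
        "%-18s %-7s %-7s %s\n",
        var_export($guid, true),
        rejects_before($guid) ? 'reject' : 'pass',
        rejects_after($guid) ? 'reject' : 'pass',
        rejects_strict($guid) ? 'reject' : 'pass'
    );
}
```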

HarryRag
Title: Fix for players-detail.php SQL Vulnerability
Posted on: 15.07.2008, 18:07
Private
Joined: 01 Dec 2007
Posts: 13
thnx for the fast fix DeltaRay

eagleeye
Title: Fix for players-detail.php SQL Vulnerability
Posted on: 16.07.2008, 18:12
Lance Corporal
Joined: 18 Jun 2006
Posts: 57
tnx for the support, will pass the word
in 0.2.142 it's line 41 of the file.

Hunter
Title: Fix for players-detail.php SQL Vulnerability
Posted on: 17.07.2008, 01:02
Corporal
Joined: 10 Mar 2006
Posts: 163
Ok nice, no not nice but ........