milliscripts.com

Bringing people together

Skip to content

Security Patch Pls....

It's not difficult to install myLounge Redirection, but sometimes it's quite tricky. Post your questions in here.

Moderator: Scooby

Post a reply

Security Patch Pls....

Postby intropal » Fri Apr 07, 2006 4:27 am

:cry: My host do not allowed me to install the script as they are concern on the security issue of the script.

Description:
Luis Alberto Cortes Zavala has discovered a vulnerability in milliscripts Redirection, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "domainname" parameter in "register.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

It has also been reported that the "autoappr" variable is not properly defined before being used.

The vulnerability has been confirmed in version 1.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Luis Alberto Cortes Zavala, Vicente Perez
intropal
Newbie
Newbie
 
Posts: 1
Joined: Fri Apr 07, 2006 4:22 am
Top

Postby Scooby » Fri Apr 07, 2006 11:37 am

Source of above post

http://secunia.com/advisories/17997/
User avatar
Scooby
helpful guy
helpful guy
 
Posts: 252
Joined: Fri Jan 24, 2003 2:04 pm
Location: UK
Top

Postby Joriz » Sun Apr 23, 2006 3:11 pm

No fix yet :cry:

But if you are server admin you can add this to your mod_security list:

Code: Select all
#milliscripts Redirection "domainname" Cross-Site Scripting
SecFilterSelective REQUEST_URI "register\.php" chain
SecFilterSelective ARG_domainname "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
Lyp.nl
Joriz
Newbie
Newbie
 
Posts: 11
Joined: Thu Sep 30, 2004 4:00 pm
Location: The Netherlands
Top

Postby andelal » Wed May 10, 2006 3:18 pm

Here is what I answered Loius Zavala:


Hello,

I never read anything else from you.
I checked the points you told me (bug in milliscripts redirection when
checking $domainname for example), but they are not true.
In /include/functions.php, *every* input is checked for validation.
The functions are called:
check_domain($dname)
check_domain2($dname, $extension)
check_string($string)
verify_email($email
check_forbidden($url1)

No invalid input can reach the script, there is no possibility the an
url like this causes any problem or security issue:
http://www.server.net/red_14/register.p ... domain.net

Please test all scripts in content with the included files, like
functions.php. I don't know how you exactly test, but there can never
be any problems like you told them.
Please revise your security issue which never has been any.

Best regards

Alex
User avatar
andelal
Site Admin
Site Admin
 
Posts: 479
Joined: Tue Jan 07, 2003 8:53 pm
Location: Vienna/Austria/Europe
Top
Post a reply

Return to Support

Who is online

Users browsing this forum: No registered users and 36 guests

Powered by phpBB® Forum Software © phpBB Group
cron