#68508
03/22/2001 3:23 PM
Member | Joined: Feb 2000 | Posts: 61
Finally got around to installing 6.01 on my little Redhat box at home. Painless install. Nice.
I noticed that IP added some more Javascript keyword filters to the check_html subroutine in the ubb_lib.cgi file in this latest version. As far as I can tell, the vulnerability described in that Bugtraq post is now completely closed with 6.01. Nice job.
Should be safe to discuss this now in a public forum:
The new 'filters' still let some funny stuff through. I'd like to post an example here. I promise it would be very benign. Actually, it is somewhat funny.
See, I have some code almost finished that should completely eliminate this 'leak'. I have these mods installed on my live 5.47e board and it works beautifully. The version for 6.01 needs some work - and I would like some feedback.
So… can I post an example of the 'leak'?
"Waffles are nothing more than a vehicle for butter and syrup" - Dr. Clayton Forrester
#68509
03/22/2001 3:25 PM
Member | Joined: Feb 2000 | Posts: 4,625
Might wanna post the fix then wait for IP to add it then post what it was
#68510
03/22/2001 4:53 PM
I type Like navaho | Joined: Mar 2000 | Posts: 21,079 | Likes: 3
Please... you would be giving a lotta wanna-bes some easy ammo for some unsuspecting sites... HTML would have to be turned on too, wouldn't it?
#68511
03/22/2001 5:20 PM
Member | Joined: Feb 2000 | Posts: 61
HTML does not need to be turned on to do this. I have just posted a fix for the 5.4x boards in the UBB5 Mods in Beta forum: https://www.ubbdev.com/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=3&t=000198 I thought I had the fix for 6.01 done until I actually installed 6.01 and tried it. I need to wordletize some messages, and comment out some more 6.01 filter code. And test, test, test!
"Waffles are nothing more than a vehicle for butter and syrup" - Dr. Clayton Forrester
#68512
03/22/2001 5:26 PM
I type Like navaho | Joined: Mar 2000 | Posts: 21,079 | Likes: 3
Well, sir, I hope you haven't just whacked us with it...
#68513
03/22/2001 6:00 PM
Member | Joined: Feb 2000 | Posts: 61
Nah, don't worry about it.
UBB 6.01 aggressively filters out malicious use of the 'trick'. If I were not 100% certain of this, I would not have posted the 5.47e fix. The security vulnerability requires the use of a parenthesis inside UBBCode tags, and 6.01 barks loudly when you try that.
Without a parenthesis, you cannot execute a Javascript method. But you can access and change some of the document properties. Stuff like changing background color, margin widths, even changing images.
Like I said before, nothing malicious.
If you feel I have jeopardized the security of your (or anyone's) forum, then by all means edit or delete my posts. I will not take it as an insult. IMO, it's naive to pretend the bug is not common knowledge among script kiddies, after that one very detailed Bugtraq post.
"Waffles are nothing more than a vehicle for butter and syrup" - Dr. Clayton Forrester
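The post above describes the shape of the filter (a keyword blocklist plus a ban on parentheses inside UBBCode tags) and the shape of the leak (property assignment still runs even though no method can be called). The following is an added example, not code from UBB or from the poster, that puts a blocklist of that kind next to a scheme allowlist when rendering a `[url=...]` tag. It assumes the untrusted value is the URL argument of the tag; the keyword list is a hypothetical stand-in, not the real `check_html` list, and the test input is constructed.

```javascript
// Added example, not UBB code. Contrast a keyword/parenthesis blocklist
// (the approach described for check_html) with a scheme allowlist when
// rendering a UBBCode [url] tag. The keyword list is hypothetical.

const BLOCKED_KEYWORDS = ["alert", "eval", "onload", "onmouseover", "<script"];

// Blocklist: reject known method/handler names and any parenthesis.
// Mirrors the "no parentheses, so no method calls" reasoning in the post.
function blocklistAllows(value) {
  const v = value.toLowerCase();
  if (/[()]/.test(v)) return false;
  return !BLOCKED_KEYWORDS.some((k) => v.includes(k));
}

// Allowlist: only absolute http/https URLs built from ordinary URL characters.
// Quotes, angle brackets, whitespace and control characters never match, so the
// value can neither escape the href attribute nor carry a script scheme.
const SAFE_URL = /^https?:\/\/[a-z0-9._~\-\/?#@!$&*+,;=%:]+$/i;
function allowlistAllows(value) {
  return SAFE_URL.test(value);
}

// Escape attribute/text content so the renderer stays safe even if a filter is wrong.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Render [url=TARGET]TEXT[/url] with the given filter. A rejected target is
// emitted as plain text, never as a link, so nothing the filter disliked
// reaches an href.
function renderUrlTag(markup, allows) {
  return markup.replace(/\[url=([^\]]+)\]([^\[]*)\[\/url\]/gi, (m, target, text) => {
    if (!allows(target)) return escapeHtml(text);
    return `<a href="${escapeHtml(target)}">${escapeHtml(text)}</a>`;
  });
}

// Constructed inputs: a normal link, and a property-assignment value of the
// kind the post describes (no parentheses, so no method call, yet it still
// changes a document property in browsers that execute javascript: hrefs).
const NORMAL = "[url=https://www.ubbdev.com/]UBBDev[/url]";
const LEAK   = "[url=javascript:document.bgColor='red']click[/url]";

function demo() {
  return {
    blocklistNormal: renderUrlTag(NORMAL, blocklistAllows),
    blocklistLeak:   renderUrlTag(LEAK, blocklistAllows),   // still linked
    allowlistNormal: renderUrlTag(NORMAL, allowlistAllows),
    allowlistLeak:   renderUrlTag(LEAK, allowlistAllows),   // reduced to text
  };
}
```

The blocklist passes the parenthesis-free value because nothing in it is on the list, which is the leak the post is describing; the allowlist rejects it without needing to know anything about JavaScript, because the only question it asks is "is this a plain http(s) URL". Deciding what a value is allowed to be, rather than enumerating what it must not contain, is what closes this class of leak for good.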
#68514
03/22/2001 11:57 PM
Veteran | Joined: Oct 2000 | Posts: 2,223
I took a read as well.
Nicely documented.
Thank you.
Picture perfect penmanship here.