Hey all,
Thanks to InterNot we've been able to identify and fix multiple SQL Injection exploits as well as an XSS exploit in vBGallery v1.2.3.
You can either re-download v1.2.3 and re-upload the files, or you can apply manual file edits.
For the manual file edits, open up /dbtech/gallery/modules/gallery/actions/search.php and find:
PHP:
$query = $vbulletin->GPC['searchbox'];
Replace with:
PHP:
$query = $db->escape_string($vbulletin->GPC['searchbox']);
Open up /dbtech/gallery/modules/gallery/actions/search.php and find:
PHP:
$sort = $vbulletin->GPC['sort'] ? $vbulletin->GPC['sort'] : 'newest';
Replace with:
PHP:
$sort = (in_array($vbulletin->GPC['sort'], array('newest', 'highest', 'comment', 'album', 'username')) ? $vbulletin->GPC['sort'] : 'newest');
Open up /dbtech/gallery/modules/gallery/actions/main.php and find:
PHP:
$sort = $vbulletin->GPC['sort'] ? $vbulletin->GPC['sort'] : 'newest';
Replace with:
PHP:
$sort = (in_array($vbulletin->GPC['sort'], array('newest', 'highest', 'comment', 'album', 'username')) ? $vbulletin->GPC['sort'] : 'newest');
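As an added example, not part of the vBGallery code or of this announcement: the two search.php/main.php edits above whitelist the sort key because an ORDER BY column can never be bound as a query parameter, while the search term can be. The snippet below mirrors both in plain PHP with PDO and an in-memory SQLite table. The column names in SORT_WHITELIST, the table and its rows are constructed for the demonstration, and prepared statements stand in for vBulletin's $db->escape_string(); in_array() is called with its strict flag, which the original line does not do.

```php
<?php
// Added example (not vBGallery's code): whitelist the ORDER BY key and bind the
// search term, mirroring the search.php / main.php fixes in the announcement.
// Runs against an in-memory SQLite database; table, columns and rows are constructed.

const SORT_WHITELIST = [
    'newest'   => 'dateline DESC',
    'highest'  => 'rating DESC',
    'comment'  => 'comments DESC',
    'album'    => 'albumname ASC',
    'username' => 'username ASC',
];

function safe_sort(?string $sort): string {
    // Same shape as the fixed line: anything not in the list falls back to 'newest'.
    // The third argument makes the comparison strict, so only exact string matches pass.
    return in_array($sort, array_keys(SORT_WHITELIST), true) ? $sort : 'newest';
}

function search_images(PDO $db, string $searchbox, ?string $sort): array {
    // Only a value from our own table ever reaches the SQL text.
    $order = SORT_WHITELIST[safe_sort($sort)];
    // The search term is a bound parameter, so quotes in it cannot alter the statement.
    $stmt = $db->prepare("SELECT title, username FROM gallery_image WHERE title LIKE :q ORDER BY $order");
    $stmt->execute([':q' => '%' . $searchbox . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE gallery_image (title TEXT, username TEXT, dateline INT, rating INT, comments INT, albumname TEXT)');
$insert = $db->prepare('INSERT INTO gallery_image VALUES (?, ?, ?, ?, ?, ?)');
// Constructed sample rows.
foreach ([['Sunset', 'alice', 100, 4, 2, 'trips'], ["O'Neil Park", 'bob', 200, 5, 0, 'parks']] as $row) {
    $insert->execute($row);
}

// A search term containing a quote is handled by the driver, not by string escaping.
print_r(search_images($db, "O'Neil", 'username'));
// An unexpected sort value never reaches the SQL; it falls back to 'newest'.
echo 'fallback for unknown sort key: ', safe_sort('not_a_column'), "\n";
```

Two points the fixed lines rely on: the whitelist is a lookup into a table the application owns, so the user-supplied string is only ever used as a key; and the search term is safe because of the binding, not because of the LIKE wrapper (a term containing `%` or `_` still acts as a wildcard, which is a matching concern rather than an injection one).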
Open up /dbtech/gallery/modules/gallery/functions/class_module.php and find:
PHP:
$album_data['title'] = unhtmlspecialchars($album_data['title']);
Remove this line.
Open up /dbtech/gallery/modules/gallery/functions/class_module.php and find:
PHP:
$image_data['title'] = unhtmlspecialchars($image_data['title']);
Remove this line.
Open up /dbtech/gallery/modules/gallery/functions/class_module.php and find:
PHP:
$image_data['albumname'] = unhtmlspecialchars($image_data['albumname']);
Remove this line.
Open up /dbtech/gallery/modules/gallery/functions/class_module.php and find:
PHP:
$image_data['text'] = unhtmlspecialchars($image_data['text']);
Remove this line.
Open up /dbtech/gallery/modules/gallery/functions/class_module.php and find:
PHP:
$img_title = construct_phrase($vbphrase['dbtech_gallery_img_info'], unhtmlspecialchars($block_results['title']), $block_results['username']);
Replace with:
PHP:
$img_title = construct_phrase($vbphrase['dbtech_gallery_img_info'], $block_results['title'], $block_results['username']);
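As an added example, not part of the vBGallery code or of this announcement, here is why the four removed lines and the construct_phrase() edit above close an XSS: vBulletin stores titles and text already passed through htmlspecialchars(), so decoding them again before they reach a template hands raw markup to the browser. PHP's built-in htmlspecialchars_decode() stands in for vBulletin's unhtmlspecialchars() below, and the sample title and the h2 wrapper are constructed for the demonstration.

```php
<?php
// Added example (not vBGallery's code): what the removed unhtmlspecialchars() calls did.
// htmlspecialchars_decode() stands in for vBulletin's unhtmlspecialchars().

function render_title_vulnerable(string $stored_title): string {
    // Mirrors the removed line: decode the stored title, then drop it straight into markup.
    $title = htmlspecialchars_decode($stored_title);
    return "<h2 class=\"gallery-title\">$title</h2>";
}

function render_title_fixed(string $stored_title): string {
    // Mirrors the fix: the stored value is used as-is, because it is already escaped.
    return "<h2 class=\"gallery-title\">$stored_title</h2>";
}

function contains_raw_tag(string $html_fragment): bool {
    // Crude check for the demonstration: does the title region contain an unescaped tag?
    preg_match('#<h2[^>]*>(.*)</h2>#s', $html_fragment, $m);
    return (bool) preg_match('/<[a-z]/i', $m[1] ?? '');
}

// Constructed sample: a title that was escaped on input, as vBulletin's input cleaner does.
$stored = htmlspecialchars('<b>My "best" shot</b>', ENT_QUOTES);

echo 'decoded before output, markup comes back: ',
     var_export(contains_raw_tag(render_title_vulnerable($stored)), true), "\n";
echo 'used as stored, stays inert text:         ',
     var_export(contains_raw_tag(render_title_fixed($stored)), true), "\n";
```

The general rule the fix restores is to escape exactly once, at the output boundary, and never to reverse that escaping on a value that is about to be rendered; a decode is only appropriate when the value is going somewhere that is not HTML (an e-mail subject, a log line) and is escaped again if it later returns to a page.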
Open up /dbtech/gallery/includes/class_core.php and find:
PHP:
if ($sxml)
Replace with:
PHP:
if (!$sxml->error)
Sorry for the inconvenience, and thank you for your continued support.
