Hey all,
As a result of the audits performed due to the recent crop-up of XSS vulnerabilities, we've discovered a few more that we're now bringing you fixes for:
vBActivity v3.0.1:
Fix: (Pro) XSS vulnerability in Request and Nominate Award
vBShout v6.0.6:
Fix: XSS vulnerability in Shout Reports
Forumon v1.0.8:
Fix: XSS vulnerability in Create New Monster
For those who'd rather perform manual edits:
/dbtech/vbactivity/actions/nominatemedal.php
Find
PHP Code:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_STR);
Replace With
PHP Code:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_NOHTML);
/dbtech/vbactivity/actions/requestmedal.php
Find
PHP Code:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_STR);
Replace With
PHP Code:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_NOHTML);
/dbtech/vbshout/actions/doreport.php
Find
PHP Code:
$reportreason = $vbulletin->input->clean_gpc('p', 'reportreason', TYPE_STR);
Replace With
PHP Code:
$reportreason = $vbulletin->input->clean_gpc('p', 'reportreason', TYPE_NOHTML);
/dbtech/vbshout/actions/updatereport.php
Find
PHP Code:
$modnotes = $vbulletin->input->clean_gpc('p', 'modnotes', TYPE_STR);
Replace With
PHP Code:
$modnotes = $vbulletin->input->clean_gpc('p', 'modnotes', TYPE_NOHTML);
/dbtech/forumon/actions/main.php
Find
PHP Code:
// Grab category id
$vbulletin->input->clean_array_gpc('p', array(
'monster' => TYPE_ARRAY,
));
Add Below
PHP Code:
$vbulletin->GPC['monster']['title'] = htmlspecialchars_uni($vbulletin->GPC['monster']['title']);
$vbulletin->GPC['monster']['description'] = htmlspecialchars_uni($vbulletin->GPC['monster']['description']);
Find
PHP Code:
// Grab a random hex colour
$vbulletin->GPC['monster']['colors']["$foldername"] .= strtoupper(base_convert(mt_rand(0, 16), 10, 16));
}
}
Add Below
PHP Code:
$vbulletin->GPC['monster']['title'] = htmlspecialchars_uni($vbulletin->GPC['monster']['title']);
$vbulletin->GPC['monster']['description'] = htmlspecialchars_uni($vbulletin->GPC['monster']['description']);
In addition, in co-operation with BugAbuse.net, we've found additional vulnerabilities in two other mods; vBDownloads and vBQuiz.
Their latest release versions have been hotfixed. You can re-download the latest versions and re-upload the files to get the fixes.
If for whatever reason you are unable to download the latest versions, manual file edits are as follows:
/dbtech/downloads/actions/editdownload.php
Find
PHP Code:
$mirrorhtml .= '<input type="text" class="textbox" name="mirrors[]" style="margin-top: 4px;" value="' . $mirror . '" /><br />';
Replace With
PHP Code:
$mirrorhtml .= '<input type="text" class="textbox" name="mirrors[]" style="margin-top: 4px;" value="' . htmlspecialchars_uni($mirror) . '" /><br />';
/dbtech/vbquiz/hooks/process_templates_complete.php
Find Add Above
PHP Code:
$vbulletin->options['dbtech_vbquiz_urlpath_text'] = ($vbulletin->options['dbtech_vbquiz_urlpath_text'] ? $vbulletin->options['dbtech_vbquiz_urlpath_text'] : $vbulletin->options['bburl'] . '/');
/dbtech/vbquiz/includes/class_profileblock.php
Find
PHP Code:
$quiz_url = '[url="' . $quiz_link . '"]' . $data_data['quiz_name'] . '[/url]';
Replace With
PHP Code:
$quiz_url = '[url="' . $quiz_link . '"]' . htmlspecialchars_uni($data_data['quiz_name']) . '[/url]';
Finally, while it doesn't affect any of you, vulnerabilities were also discovered in our vBeCommerce system as well, also thanks to BugAbuse.
We suggest you either update or apply the file edits A.S.A.P., before these exploits leak to the wild.
Thank you for your continued support, and once again sorry for the inconvenience 
Discuss this news here.
LinkBack URL
About LinkBacks
vBActivity / vBShout / Forumon RPG / vBDownloads / vBQuiz Updates (Security Releases)
Reply With Quote
Bookmarks