Hey all,
As a result of the audits performed due to the recent crop-up of XSS vulnerabilities, we've discovered a few more that we're now bringing you fixes for:
vBActivity v3.0.1:
Fix: (Pro) XSS vulnerability in Request and Nominate Award
vBShout v6.0.6:
Fix: XSS vulnerability in Shout Reports
Forumon v1.0.8:
Fix: XSS vulnerability in Create New Monster
For those who'd rather perform manual edits:
/dbtech/vbactivity/actions/nominatemedal.php
Find
Replace With
/dbtech/vbactivity/actions/requestmedal.php
Find
Replace With
/dbtech/vbshout/actions/doreport.php
Find
Replace With
/dbtech/vbshout/actions/updatereport.php
Find
Replace With
/dbtech/forumon/actions/main.php
Find
Add Below
Find
Add Below
In addition, in co-operation with BugAbuse.net, we've found additional vulnerabilities in two other mods; vBDownloads and vBQuiz.
Their latest release versions have been hotfixed. You can re-download the latest versions and re-upload the files to get the fixes.
If for whatever reason you are unable to download the latest versions, manual file edits are as follows:
/dbtech/downloads/actions/editdownload.php
Find
Replace With
/dbtech/vbquiz/hooks/process_templates_complete.php
Find
Add Above
/dbtech/vbquiz/includes/class_profileblock.php
Find
Replace With
Finally, while it doesn't affect any of you, vulnerabilities were also discovered in our vBeCommerce system as well, also thanks to BugAbuse.
We suggest you either update or apply the file edits A.S.A.P., before these exploits leak to the wild.
Thank you for your continued support, and once again sorry for the inconvenience
Discuss this news here.
As a result of the audits performed due to the recent crop-up of XSS vulnerabilities, we've discovered a few more that we're now bringing you fixes for:
vBActivity v3.0.1:
Fix: (Pro) XSS vulnerability in Request and Nominate Award
vBShout v6.0.6:
Fix: XSS vulnerability in Shout Reports
Forumon v1.0.8:
Fix: XSS vulnerability in Create New Monster
For those who'd rather perform manual edits:
/dbtech/vbactivity/actions/nominatemedal.php
Find
PHP:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_STR);
PHP:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_NOHTML);
/dbtech/vbactivity/actions/requestmedal.php
Find
PHP:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_STR);
PHP:
$reason = $vbulletin->input->clean_gpc('p', 'reason', TYPE_NOHTML);
/dbtech/vbshout/actions/doreport.php
Find
PHP:
$reportreason = $vbulletin->input->clean_gpc('p', 'reportreason', TYPE_STR);
PHP:
$reportreason = $vbulletin->input->clean_gpc('p', 'reportreason', TYPE_NOHTML);
/dbtech/vbshout/actions/updatereport.php
Find
PHP:
$modnotes = $vbulletin->input->clean_gpc('p', 'modnotes', TYPE_STR);
PHP:
$modnotes = $vbulletin->input->clean_gpc('p', 'modnotes', TYPE_NOHTML);
/dbtech/forumon/actions/main.php
Find
PHP:
// Grab category id
$vbulletin->input->clean_array_gpc('p', array(
'monster' => TYPE_ARRAY,
));
PHP:
$vbulletin->GPC['monster']['title'] = htmlspecialchars_uni($vbulletin->GPC['monster']['title']);
$vbulletin->GPC['monster']['description'] = htmlspecialchars_uni($vbulletin->GPC['monster']['description']);
Find
PHP:
// Grab a random hex colour
$vbulletin->GPC['monster']['colors']["$foldername"] .= strtoupper(base_convert(mt_rand(0, 16), 10, 16));
}
}
PHP:
$vbulletin->GPC['monster']['title'] = htmlspecialchars_uni($vbulletin->GPC['monster']['title']);
$vbulletin->GPC['monster']['description'] = htmlspecialchars_uni($vbulletin->GPC['monster']['description']);
In addition, in co-operation with BugAbuse.net, we've found additional vulnerabilities in two other mods; vBDownloads and vBQuiz.
Their latest release versions have been hotfixed. You can re-download the latest versions and re-upload the files to get the fixes.
If for whatever reason you are unable to download the latest versions, manual file edits are as follows:
/dbtech/downloads/actions/editdownload.php
Find
PHP:
$mirrorhtml .= '<input type="text" class="textbox" name="mirrors[]" style="margin-top: 4px;" value="' . $mirror . '" /><br />';
PHP:
$mirrorhtml .= '<input type="text" class="textbox" name="mirrors[]" style="margin-top: 4px;" value="' . htmlspecialchars_uni($mirror) . '" /><br />';
/dbtech/vbquiz/hooks/process_templates_complete.php
Find
PHP:
?>
PHP:
$vbulletin->options['dbtech_vbquiz_urlpath_text'] = ($vbulletin->options['dbtech_vbquiz_urlpath_text'] ? $vbulletin->options['dbtech_vbquiz_urlpath_text'] : $vbulletin->options['bburl'] . '/');
/dbtech/vbquiz/includes/class_profileblock.php
Find
PHP:
$quiz_url = '[url="' . $quiz_link . '"]' . $data_data['quiz_name'] . '[/url]';
PHP:
$quiz_url = '[url="' . $quiz_link . '"]' . htmlspecialchars_uni($data_data['quiz_name']) . '[/url]';
Finally, while it doesn't affect any of you, vulnerabilities were also discovered in our vBeCommerce system as well, also thanks to BugAbuse.
We suggest you either update or apply the file edits A.S.A.P., before these exploits leak to the wild.
Thank you for your continued support, and once again sorry for the inconvenience
Discuss this news here.