vBShop v2.2.3 (Security Release)

Fillip H.

Hey all,

Thanks to BugAbuse.net we are able to bring you a security release for vBShop v2.2.3, which fixes both the public 0day and some other issues that arose while performing a security audit on the mod myself.

We'll be running a full security audit in all our mods over the following days, and will bring you any further security fixes A.S.A.P.

EDIT: These issues only affect the Pro version, I mistakenly mentioned Lite in the email. This is not the case, as the Gift feature is not available in Lite.

vBShop v2.2.3:
Fix: (Pro) XSS vulnerability in Gift Message
Fix: (Pro) XSS vulnerability in Donate Message
Fix: (Pro) XSS vulnerability in Item Management (Front-End)
Fix: (Pro) XSS vulnerability in Shop Management (Front-End)


For those who'd rather perform manual edits:

/dbtech/vbshop/actions/inventory.php

Find
PHP:
'message'         => TYPE_STR,
Replace With
PHP:
'message'         => TYPE_NOHTML,



/dbtech/vbshop_pro/actions/shopmanagement.php

Find
PHP:
    $vbulletin->input->clean_array_gpc('p', array(
        'shopid'     => TYPE_UINT,
        'shop'         => TYPE_ARRAY,
    ));
Add Below
PHP:
    $vbulletin->GPC['shop']['title']         = htmlspecialchars_uni($vbulletin->GPC['shop']['title']);
    $vbulletin->GPC['shop']['description']     = htmlspecialchars_uni($vbulletin->GPC['shop']['description']);



/dbtech/vbshop_pro/actions/itemmanagement.php

Find
PHP:
    $vbulletin->GPC['item']['ownerid']         = $vbulletin->userinfo['userid'];
Add Below
PHP:
    $vbulletin->GPC['item']['title']         = htmlspecialchars_uni($vbulletin->GPC['item']['title']);
    $vbulletin->GPC['item']['description']     = htmlspecialchars_uni($vbulletin->GPC['item']['description']);



/dbtech/vbshop_pro/actions/donate.php

Find
PHP:
'message'     => TYPE_STR,
Replace With
PHP:
'message'     => TYPE_NOHTML,



Thank you for your continued support, and sorry for the inconvenience :(

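The four manual edits above all do the same thing: escape attacker-controlled text at input time, either by switching the GPC type from TYPE_STR to TYPE_NOHTML or by running the sub-fields of a TYPE_ARRAY value through htmlspecialchars_uni(). The script below is an added illustration of that change, not code from vBShop or vBulletin. Because the vBulletin input cleaner is not available stand-alone, `clean_gpc()` and `htmlspecialchars_uni_stub()` are simplified stand-ins (an assumption) that reproduce only the behaviour the fix relies on: TYPE_STR keeps HTML verbatim, TYPE_NOHTML escapes `<`, `>`, `"` and `&` while leaving numeric entities such as `&#8217;` alone.

```php
<?php
// Added example, not vBShop or vBulletin code. Demonstrates the difference
// between TYPE_STR and TYPE_NOHTML input cleaning, and the post-clean
// htmlspecialchars_uni() calls applied to 'shop' and 'item' sub-fields.

const TYPE_STR    = 'str';
const TYPE_NOHTML = 'nohtml';

/**
 * Stand-in (assumption) for vBulletin's htmlspecialchars_uni(): escapes
 * <, >, " and &, but does not re-encode numeric entities like &#8217;.
 */
function htmlspecialchars_uni_stub(string $text): string
{
    $text = preg_replace('/&(?!#[0-9]+;)/', '&amp;', $text);
    return str_replace(['<', '>', '"'], ['&lt;', '&gt;', '&quot;'], $text);
}

/**
 * Minimal stand-in (assumption) for clean_array_gpc() covering only the
 * two scalar types used in the patch. TYPE_STR passes HTML through untouched.
 */
function clean_gpc(array $input, array $types): array
{
    $out = [];
    foreach ($types as $field => $type) {
        $value = (string) ($input[$field] ?? '');
        $out[$field] = ($type === TYPE_NOHTML)
            ? htmlspecialchars_uni_stub($value)
            : $value;
    }
    return $out;
}

// Constructed attacker input: a gift/donate message carrying a script tag.
$post = ['message' => '<script>alert(document.cookie)</script>'];

// Before the fix (TYPE_STR): markup survives cleaning and is stored verbatim,
// so any template that prints the message renders it as live HTML.
$before = clean_gpc($post, ['message' => TYPE_STR]);
echo "TYPE_STR:    {$before['message']}\n";

// After the fix (TYPE_NOHTML): the same input is stored escaped and renders
// as literal text, e.g. &lt;script&gt;alert(document.cookie)&lt;/script&gt;
$after = clean_gpc($post, ['message' => TYPE_NOHTML]);
echo "TYPE_NOHTML: {$after['message']}\n";

// The shop/item management edits cover a different case: 'shop' and 'item'
// arrive as TYPE_ARRAY, so their sub-fields are not escaped by the cleaner
// and must be escaped explicitly after clean_array_gpc(), as in the patch.
$shop = [
    'title'       => 'My Shop <img src=x onerror=alert(1)>',
    'description' => 'Caf&#233; &amp; more "deals"',
];
$shop['title']       = htmlspecialchars_uni_stub($shop['title']);
$shop['description'] = htmlspecialchars_uni_stub($shop['description']);

// title:       My Shop &lt;img src=x onerror=alert(1)&gt;
// description: Caf&#233; &amp;amp; more &quot;deals&quot;
// Note the &amp; in the input became &amp;amp;: escaping at input time is
// not idempotent for already-escaped text, which matters for the caveat below.
print_r($shop);
```

Two practical points follow from this. First, because the fix escapes on the way in, templates that print these fields must output them as-is; escaping them again at render time produces visibly double-encoded text such as `&amp;amp;`. Second, an input-side fix does not touch rows that were written before upgrading, so any gift or donate messages, shop titles or item descriptions stored while 2.2.2 was live should be reviewed (or re-escaped once) rather than assumed clean.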