Hey all,
Thanks to BugAbuse.net we are able to bring you a security release for vBShop v2.2.3, which fixes both the public 0day and some other issues that arose while performing a security audit on the mod myself.
We'll be running a full security audit in all our mods over the following days, and will bring you any further security fixes A.S.A.P.
EDIT: These issues only affect the Pro version, I mistakenly mentioned Lite in the email. This is not the case, as the Gift feature is not available in Lite.
vBShop v2.2.3:
Fix: (Pro) XSS vulnerability in Gift Message
Fix: (Pro) XSS vulnerability in Donate Message
Fix: (Pro) XSS vulnerability in Item Management (Front-End)
Fix: (Pro) XSS vulnerability in Shop Management (Front-End)
For those who'd rather perform manual edits:
/dbtech/vbshop/actions/inventory.php
Find
Replace With
/dbtech/vbshop_pro/actions/shopmanagement.php
Find
Add Below
/dbtech/vbshop_pro/actions/itemmanagement.php
Find
Add Below
/dbtech/vbshop_pro/actions/donate.php
Find
Replace With
Thank you for your continued support, and sorry for the inconvenience
Discuss this news here.
Thanks to BugAbuse.net we are able to bring you a security release for vBShop v2.2.3, which fixes both the public 0day and some other issues that arose while performing a security audit on the mod myself.
We'll be running a full security audit in all our mods over the following days, and will bring you any further security fixes A.S.A.P.
EDIT: These issues only affect the Pro version, I mistakenly mentioned Lite in the email. This is not the case, as the Gift feature is not available in Lite.
vBShop v2.2.3:
Fix: (Pro) XSS vulnerability in Gift Message
Fix: (Pro) XSS vulnerability in Donate Message
Fix: (Pro) XSS vulnerability in Item Management (Front-End)
Fix: (Pro) XSS vulnerability in Shop Management (Front-End)
For those who'd rather perform manual edits:
/dbtech/vbshop/actions/inventory.php
Find
PHP:
'message' => TYPE_STR,
PHP:
'message' => TYPE_NOHTML,
/dbtech/vbshop_pro/actions/shopmanagement.php
Find
PHP:
$vbulletin->input->clean_array_gpc('p', array(
'shopid' => TYPE_UINT,
'shop' => TYPE_ARRAY,
));
PHP:
$vbulletin->GPC['shop']['title'] = htmlspecialchars_uni($vbulletin->GPC['shop']['title']);
$vbulletin->GPC['shop']['description'] = htmlspecialchars_uni($vbulletin->GPC['shop']['description']);
/dbtech/vbshop_pro/actions/itemmanagement.php
Find
PHP:
$vbulletin->GPC['item']['ownerid'] = $vbulletin->userinfo['userid'];
PHP:
$vbulletin->GPC['item']['title'] = htmlspecialchars_uni($vbulletin->GPC['item']['title']);
$vbulletin->GPC['item']['description'] = htmlspecialchars_uni($vbulletin->GPC['item']['description']);
/dbtech/vbshop_pro/actions/donate.php
Find
PHP:
'message' => TYPE_STR,
PHP:
'message' => TYPE_NOHTML,
Thank you for your continued support, and sorry for the inconvenience
Discuss this news here.