Güvenlik Yaması Blog ve Gallery Modülleri MKP 1.1

9 views
Skip to first unread message

mKPortal Türkiye

unread,
May 8, 2006, 8:09:12 PM5/8/06
to mkportal
Merhaba

Aşağıdaki güvenlik riski MKPortal coderı meo tarafından bulunmuş
ve yamanmıştır.
Ayrıca yine gallery modülünde bir risk vardır. Bunlar sadece riskli
kodların engellenmesi için. Siz yinede yapın.

Mesajın orjinali

http://mkportal.gen.tr/forum/index.php?topic=1729.0

/mkportal/modules/blog/index.php dosyasını açın

function clean_template fonksiyonunu bulun:


Kod:

function clean_template ($t="") {

$t = str_replace( "&#" , "", $t );
$t = str_replace( ">" , ">", $t );
$t = str_replace( "&lt;" , "<", $t );
$t = str_replace( "<?" , "" , $t );
$t = str_replace( "?" , "" , $t );
$t = preg_replace( "/<script/i" , "" , $t );
$t = preg_replace( "/javascript/i" , "", $t );
$t = preg_replace( "/about/i" , "", $t );
$t = preg_replace( "/vbscript/i" , "", $t );
$t = preg_replace( "/alert/i" , "" , $t );
$t = preg_replace( "/onmouseover/i", "", $t );
$t = preg_replace( "/onclick/i" , "" , $t );
$t = preg_replace( "/onload/i" , "" , $t );
$t = preg_replace( "/onsubmit/i" , "" , $t );

return $t;
}


Bununla değişin


function clean_template ($t="") {

$t = str_replace( "&#" , "", $t );
$t = str_replace( "&gt;" , ">", $t );
$t = str_replace( "&lt;" , "<", $t );
$t = str_replace( "<?" , "" , $t );
$t = str_replace( "?" , "" , $t );
while( preg_match( "#script(.+?)/script#ies" , $t ) ) {
$t = preg_replace( "#script(.+?)/script#ies", "" , $t);
}
$t = preg_replace( "/javascript/i" , "", $t );
$t = preg_replace( "/about/i" , "", $t );
$t = preg_replace( "/vbscript/i" , "", $t );
$t = preg_replace( "/alert/i" , "" , $t );
$t = preg_replace( "/onmouseover/i", "", $t );
$t = preg_replace( "/onclick/i" , "" , $t );
$t = preg_replace( "/onload/i" , "" , $t );
$t = preg_replace( "/onsubmit/i" , "" , $t );

return $t;
}


Kaydedin

Aşağıdaki dosyayı açın:

/mkportal/modules/gallery/index.php

Bul:


Kod:


$file = $_FILES['FILE_UPLOAD']['tmp_name'];
$file_name = $_FILES['FILE_UPLOAD']['name'];
$file_type = $_FILES['FILE_UPLOAD']['type'];
$peso = $_FILES['FILE_UPLOAD']['size'];
}

Altına ekle:


Kod:

$check = @fopen($file, "r");
$check = @fread($check, filesize($file));
if (preg_match("/html/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/javascript/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/about/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/vbscript/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/alert/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/onmouseover/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/onclick/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/onload/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/onsubmit/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("#script(.+?)/script#ies", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
if (preg_match("/<?php/i", $check)) {
$message = "Sorry this file is not valid";
$mklib->error_page($message);
exit;
}
@fclose($check);

Kaydedin

http://mkportal.gen.tr

İyi çalışmalar

Reply all
Reply to author
Forward
0 new messages