php-nuke_mail_crlf.patch
Posted Dec 21, 2002
Authored by Ulf Harnhammar

PHP-Nuke v6.0 lets remote users send email to arbitrary addresses on the internet by submitting malformed email addresses (containing CR/LF characters) through its mail forms. Patch included.

tags | advisory, remote, php
SHA-256 | f324c19dbb506141832f85077a736850e56b7b492f689c7d1dbbcc19a71e156e

--- html/mainfile.php.old  Thu Dec 19 19:17:10 2002
+++ html/mainfile.php Thu Dec 19 19:24:00 2002
@@ -870,4 +870,13 @@
return($ThemeSel);
}

-?>
\ No newline at end of file
+#
+# Security fix
+# Ulf Harnhammar, VSU Security 2002
+#
+
+function removecrlf($str) {
+ return strtr($str, "\015\012", ' ');
+}
+
+?>
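Review bot: removecrlf() as written strips carriage returns but not line feeds. PHP's strtr($str, $from, $to) ignores the extra characters of the longer string when the two differ in length, so with `"\015\012"` paired against the one-character `' '` only \015 (CR) is translated and a bare \012 (LF) passes through untouched; since the mail transport treats a bare LF as a line terminator, an LF-separated extra header would still get through. Use a replacement string of the same length, e.g. `return strtr($str, "\015\012", "  ");`, or `return str_replace(array("\r", "\n"), ' ', $str);`.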
--- html/modules/Feedback/index.php.old Thu Dec 19 19:26:44 2002
+++ html/modules/Feedback/index.php Thu Dec 19 19:28:34 2002
@@ -69,6 +69,8 @@
$send = "no";
}
if ($send != "no") {
+ $sender_name = removecrlf($sender_name); # Security fix
+ $sender_email = removecrlf($sender_email);
$msg = "$sitename\n\n";
$msg .= ""._SENDERNAME.": $sender_name\n";
$msg .= ""._SENDEREMAIL.": $sender_email\n";
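Review bot: the filter is applied to $sender_name and $sender_email, the two values that reach the message headers, but any other request field that ends up in the additional-headers argument of mail() (the call itself is outside this hunk) needs the same treatment. Newlines inside $msg are harmless, since the body is not parsed for headers, so the body lines here can stay as they are.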
@@ -93,4 +95,4 @@
CloseTable();
include("footer.php");

-?>
\ No newline at end of file
+?>
--- html/modules/Journal/friend.php.old Thu Dec 19 21:23:27 2002
+++ html/modules/Journal/friend.php Thu Dec 19 21:25:22 2002
@@ -38,6 +38,11 @@
list ($jtitle) = sql_fetch_row($result, $dbi);

if ($send == 1) {
+ $fname = removecrlf($fname); # Security fix
+ $fmail = removecrlf($fmail);
+ $yname = removecrlf($yname);
+ $ymail = removecrlf($ymail);
+
$subject = ""._INTERESTING." $sitename";
$message = ""._HELLO." $fname:\n\n"._YOURFRIEND." $yname "._CONSIDERED."\n\n\n$jtitle\n"._URL.": $nukeurl/modules.php?name=$module_name&file=display&jid=$jid\n\n\n"._AREMORE."\n\n---\n$sitename\n$nukeurl";
mail($fmail, $subject, $message, "From: \"$yname\" <$ymail>\nX-Mailer: PHP/" . phpversion());
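Review bot: stripping CR/LF keeps $yname and $ymail from adding extra header lines to `"From: \"$yname\" <$ymail>\n"`, but neither value is otherwise validated: a double quote in $yname ends the quoted display name early, and $ymail may still be any string rather than an address. Consider checking $ymail against an address pattern and dropping `"` from $yname at the same point, so the From: header is always well-formed.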
@@ -82,4 +87,4 @@

journalfoot();

-?>
\ No newline at end of file
+?>
--- html/modules/News/friend.php.old Thu Dec 19 20:05:53 2002
+++ html/modules/News/friend.php Thu Dec 19 20:16:24 2002
@@ -50,6 +50,11 @@
function SendStory($sid, $yname, $ymail, $fname, $fmail) {
global $sitename, $nukeurl, $prefix, $dbi, $module_name;

+ $fname = removecrlf($fname); # Security fix
+ $fmail = removecrlf($fmail);
+ $yname = removecrlf($yname);
+ $ymail = removecrlf($ymail);
+
$result2=sql_query("select title, time, topic from ".$prefix."_stories where sid=$sid", $dbi);
list($title, $time, $topic) = sql_fetch_row($result2, $dbi);
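Review bot: unrelated to the CRLF fix but visible in the context lines, $sid is interpolated unquoted into `select title, time, topic from ".$prefix."_stories where sid=$sid`; casting it with intval() before the query would close a separate injection path. The new removecrlf() calls themselves are correctly placed at the top of SendStory(), before any use of the arguments.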

@@ -90,4 +95,4 @@

}

-?>
\ No newline at end of file
+?>
--- html/modules/Recommend_Us/index.php.old Thu Dec 19 20:00:45 2002
+++ html/modules/Recommend_Us/index.php Thu Dec 19 20:02:45 2002
@@ -45,6 +45,9 @@

function SendSite($yname, $ymail, $fname, $fmail) {
global $sitename, $slogan, $nukeurl, $module_name;
+ $fmail = removecrlf($fmail); # Security fix
+ $yname = removecrlf($yname);
+ $ymail = removecrlf($ymail);
$subject = ""._INTSITE." $sitename";
$message = ""._HELLO." $fname:\n\n"._YOURFRIEND." $yname "._OURSITE." $sitename "._INTSENT."\n\n\n"._FSITENAME." $sitename\n$slogan\n"._FSITEURL." $nukeurl\n";
mail($fmail, $subject, $message, "From: \"$yname\" <$ymail>\nX-Mailer: PHP/" . phpversion());
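Review bot: this hunk leaves $fname out of the removecrlf() calls that the Journal and News modules apply to all four arguments, and inserts the three calls without the blank line used elsewhere. $fname only lands in the message body here, so leaving it unfiltered is not exploitable, but filtering all four arguments as in the other modules keeps the fix uniform and avoids a gap if $fname is later reused in a header.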
@@ -76,4 +79,4 @@

}

-?>
\ No newline at end of file
+?>