ds111 Posted December 3, 2008 Author Share Posted December 3, 2008 haha nice lol. Thanks, but if these are not very urgent (please confirm this), is it ok if I include them in the next major release (v1.0.6, in January)? Please tell me if these updates are urgent or not. Thanks! Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-704698 Share on other sites More sharing options...
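darkfreaks Posted December 3, 2008 Share Posted December 3, 2008 there minor bugs but yes you can add them in your next release Fixed edit_users.php
<?php
/*
 * edit_users.php — ACP page for looking up and editing a blog user (the
 * delete icon hands off to manage_users.php).
 *
 * Request flow:
 *   POST user=<name>          show the edit form for that user
 *   POST save + form fields   apply the edit, then redirect to admin.php
 *   no parameters             show the user list (users.html)
 *
 * Changes from the earlier version of this file:
 *   - every request value that reaches SQL goes through
 *     mysql_real_escape_string(); the queries were built by concatenating raw
 *     $_GET/$_POST values.
 *   - the password change no longer round-trips the password hash through a
 *     GET redirect (edit_users.php?username=...&password=...), where it ended
 *     up in browser history and in proxy/server logs.  The "cannot be undone"
 *     confirmation now runs client-side before the form is submitted, and the
 *     UPDATE happens in the POST handler.
 *   - the access level is checked against the three values the form offers,
 *     and a root account is refused in the save handler too (the form only
 *     hid itself for root; a hand-made POST was still applied).
 *   - "&section=" had been mangled to "§ion=" in two redirect URLs, and one
 *     htmlspecialchars($_GET['acpsession') was missing its "]".
 */
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;
include 'header.php';
validateSession("acp");
connect_db();

// Access levels the edit form offers (value => label).  Anything else is rejected.
$accessLevels = array(
    "user" => "User",
    "newsposter" => "News Poster",
    "admin" => "Administrator",
);

// acpsession is carried in the query string of every ACP link and form action.
// $acpsessionUrl is URL-encoded: safe inside the <script> redirects below, and
// wrapped in htmlspecialchars() wherever it lands in an HTML attribute.
$acpsessionUrl = urlencode(isset($_GET['acpsession']) ? $_GET['acpsession'] : '');

/**
 * Client-side redirect.  header.php has already sent output, so a Location
 * header is no longer possible; this is how the page always redirected.
 *
 * @param string $url  Built from literal fragments and urlencode()d values
 *                     only, so it cannot break out of the JS string.
 */
function _editUsersRedirect($url)
{
    echo '<script>window.location="' . $url . '";</script>';
}

if (isset($_POST['save'])) {
    $username = isset($_POST['newusername']) ? $_POST['newusername'] : '';
    $password = isset($_POST['newpass']) ? $_POST['newpass'] : '';
    $newemail = isset($_POST['newemail']) ? $_POST['newemail'] : '';
    $oldusername = isset($_POST['oldusername']) ? $_POST['oldusername'] : '';
    $access = isset($_POST['access']) ? $_POST['access'] : '';
    if ($newemail == "No Email") {
        // "No Email" is the placeholder the form shows for an empty address.
        $newemail = "";
    }

    // Refuse anything the form does not offer; in particular "root" can never
    // be assigned from here.
    if (!isset($accessLevels[$access])) {
        ?>
<div id="colTwo">
<div class="bg2">
<h2><em>Edit</em> Users</h2>
<p>Unknown access level; no changes were made.</p>
</div>
</div>
        <?php
        include 'footer.php';
        exit;
    }

    $safeOld = mysql_real_escape_string($oldusername);
    $target = mysql_query("SELECT access FROM users WHERE username='$safeOld'");
    if (!$target || mysql_num_rows($target) == 0) {
        _editUsersRedirect("edit_users.php?section=edit&acpsession=" . $acpsessionUrl . "&msg=nouser");
        exit;
    }
    if (mysql_result($target, 0, "access") == "root") {
        // Root is excluded from the form; refuse a crafted POST as well.
        _editUsersRedirect("admin.php?section=edit&msg=root&acpsession=" . $acpsessionUrl);
        exit;
    }

    $safeUser = mysql_real_escape_string($username);
    $safeEmail = mysql_real_escape_string($newemail);
    $safeAccess = mysql_real_escape_string($access);
    if ($password == "") {
        // An empty password field means "leave the password alone".
        $query = "UPDATE users SET username='$safeUser', access='$safeAccess', email='$safeEmail' WHERE username='$safeOld'";
    } else {
        // NOTE(review): the login check lives outside this file and presumably
        // compares against md5($salt . $password); keep the two in sync if this
        // scheme is ever changed.
        $salt = "kasjo84884jajnnfbbahe";
        $hash = mysql_real_escape_string(md5($salt . $password));
        $query = "UPDATE users SET username='$safeUser', password='$hash', access='$safeAccess', email='$safeEmail' WHERE username='$safeOld'";
    }
    mysql_query($query);
    _editUsersRedirect("admin.php?section=edit&editconfirm=yes&acpsession=" . $acpsessionUrl . "&msg=edituser");
}

if (isset($_POST['user'])) {
    $safeLookup = mysql_real_escape_string($_POST['user']);
    $get_info = mysql_query("SELECT * FROM users WHERE username='$safeLookup'");
    if (!$get_info || mysql_num_rows($get_info) == 0) {
        _editUsersRedirect("edit_users.php?section=edit&acpsession=" . $acpsessionUrl . "&msg=nouser");
        exit;
    }
    $username = mysql_result($get_info, 0, "username");
    $email = mysql_result($get_info, 0, "email");
    $privs = mysql_result($get_info, 0, "access");
    // The delete link passes the id as a bare number into confirmDelete().
    $id = (int) mysql_result($get_info, 0, "id");

    if ($privs == "root") {
        // Root accounts are not editable from the ACP.
        _editUsersRedirect("admin.php?section=edit&msg=root&acpsession=" . $acpsessionUrl);
    } else {
        if ($email == "") {
            $email = "No Email";
        }
        ?>
<script>
function confirmDelete(id) {
    if (confirm("Are you sure you would like to delete this user?")) {
        window.location = "manage_users.php?section=manage&acpsession=<?php echo $acpsessionUrl; ?>&act=delete&memberid=" + id;
    }
}
function confirmPasswordChange() {
    // Only ask when a new password was actually typed.
    if (document.getElementById("newpass").value == "") {
        return true;
    }
    if (confirm("This will edit the user's password. This action cannot be undone.\nContinue?")) {
        return true;
    }
    alert("No action taken.");
    return false;
}
</script>
<div id="colTwo">
<div class="bg2">
<h2><em>Edit</em> "<?php echo htmlspecialchars($username); ?>"</h2>
<p>Manage your blog users here.</p>
<!-- "&amp;section": a bare "&section" is the legacy &sect entity and gets decoded to "§ion" in some contexts. -->
<form method="post" action="edit_users.php?acpsession=<?php echo htmlspecialchars($acpsessionUrl); ?>&amp;section=edit" onsubmit="return confirmPasswordChange();">
<fieldset>
<legend>Edit User</legend>
<table width="374" style="font-size:12px;" border="0" cellpadding="2" cellspacing="0">
<tr>
<td width="140">Username <a href="javascript:confirmDelete(<?php echo $id; ?>)"><img src="../skins/global_images/delete.png" border="0" /></a></td>
<td width="234"><label>
<input type="text" name="newusername" id="newusername" value="<?php echo htmlspecialchars($username); ?>" />
</label></td>
</tr>
<tr>
<td>Password</td>
<td><label>
<input type="password" name="newpass" id="newpass" />
</label></td>
</tr>
<tr>
<td>Email</td>
<td><label>
<input type="text" name="newemail" id="newemail" value="<?php echo htmlspecialchars($email); ?>" />
<input type="hidden" name="oldusername" id="oldusername" value="<?php echo htmlspecialchars($username); ?>" />
</label></td>
</tr>
<tr>
<td>Access Level</td>
<td><label>
<select name="access" id="access">
<?php foreach ($accessLevels as $value => $label) { ?>
<option value="<?php echo $value; ?>"<?php if ($privs == $value) { echo ' selected="selected"'; } ?>><?php echo $label; ?></option>
<?php } ?>
</select>
</label></td>
</tr>
</table>
<input type="submit" name="save" id="save" value="Save" />
</fieldset>
</form>
</div>
</div>
        <?php
    }
}

if (!isset($_POST['user'])) {
    ?>
<div id="colTwo">
<div class="bg2">
<?php _maxblogmessages_(); ?>
<h2><em>Edit</em> Users</h2>
<p>Edit your blog users here. <?php include 'users.html'; ?></p>
<p> </p>
</div>
</div>
    <?php
}
include 'footer.php';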
darkfreaks Posted December 5, 2008 Share Posted December 5, 2008 i take that back i would release a security patch ASAP! with the files above and what i am about to post search.php Viewing all posts in the category alert(String.fromCharCode(88, 83, 83). Viewing all posts in the category UNION SELECT 1,2,3,4,5,6,7,8,9,10. Viewing all posts in the category CONCAT_WS(CHAR(32,58,32),user(),database(),version()). Viewing all posts in the category CHAR(83, 116, 114, 105, 110, 103, 32, 116, 111, 32, 117, 115, 101). Viewing all posts in the category CONVERT(String to use USING utf8). Viewing all posts in the category CONVERT(String to use USING latin1). Viewing all posts in the category CHAR(83) + CHAR(116) + CHAR(114) + CHAR(105) + CHAR(110) + CHAR(103) + CHAR(32) + CHAR(116) + CHAR(111) + CHAR(32) + CHAR(117) + CHAR(115) + CHAR(101). Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707015 Share on other sites More sharing options...
darkfreaks Posted December 5, 2008 Share Posted December 5, 2008 search.php Viewing all posts in the category String.fromCharCode(83, 116, 114, 105, 110, 103, 32, 116, 111, 32, 117, 115, 101). Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707025 Share on other sites More sharing options...
ds111 Posted December 6, 2008 Author Share Posted December 6, 2008 Umm I can't duplicate the vulnerability. I tried that in categories, and all i got was safe-code. That's because i use my clean() function before I do anything else. Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707810 Share on other sites More sharing options...
darkfreaks Posted December 6, 2008 Share Posted December 6, 2008 whatever you did with clean() it's safe now Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707936 Share on other sites More sharing options...
ds111 Posted December 6, 2008 Author Share Posted December 6, 2008 i havent changed the source code for about 1 1/2 weeks now....? Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707941 Share on other sites More sharing options...
darkfreaks Posted December 6, 2008 Share Posted December 6, 2008 http://www.mzbservices.com/search.php?cat=ISNOTSAFE Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707946 Share on other sites More sharing options...
ds111 Posted December 6, 2008 Author Share Posted December 6, 2008 you know, it would be helpful if you gave me some info?! Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707954 Share on other sites More sharing options...
darkfreaks Posted December 6, 2008 Share Posted December 6, 2008 http://www.mzbservices.com/search.php?cat= go there then copy one of the queries i posted on the last page insert it after cat= and i guarantee you it will say "query whatever" in a green span/td thing. instead of stripping it and saying "no posts found" Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707961 Share on other sites More sharing options...
ds111 Posted December 6, 2008 Author Share Posted December 6, 2008 ok, I will take out the echo for cat... thanks. edit: try now Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-707964 Share on other sites More sharing options...
darkfreaks Posted December 6, 2008 Share Posted December 6, 2008 the echo is gone Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-708015 Share on other sites More sharing options...
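darkfreaks Posted December 14, 2008 Share Posted December 14, 2008 Fixed approve_comment.php:
<?php
/*
 * approve_comment.php — marks one comment as approved and sends the browser
 * back to the post it belongs to, with msg=approve or msg=approvefail.
 *
 * $id (and now $post) may already be set by an including script; the original
 * only read the query string when $id was missing, which left $post undefined
 * for such a caller.  Both are treated as integer keys so nothing but a number
 * reaches approveComment() or the redirect URL.
 * NOTE(review): approveComment(), checkLogin() and getRights() come from
 * registry.php — confirm the comment/post id columns really are numeric before
 * relying on the (int) casts below.
 */
require 'registry.php';
if (!isset($id)) {
    $id = isset($_GET['id']) ? $_GET['id'] : 0;
}
if (!isset($post)) {
    $post = isset($_GET['post']) ? $_GET['post'] : 0;
}
$id = (int) $id;
$post = (int) $post;

checkLogin();
getRights();

// Redirect client-side, as before; $post is an int and $msg a literal, so the
// URL needs no further escaping.
$msg = approveComment($id) ? "approve" : "approvefail";
?>
<script>
window.location = "show_post.php?id=<?php echo $post; ?>&msg=<?php echo $msg; ?>";
</script>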
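darkfreaks Posted December 14, 2008 Share Posted December 14, 2008 Fixed add_category.php:
<!-- acpsession is a query-string value: urlencode() keeps an "&", "#" or "+" in it from cutting
     the query short, and htmlspecialchars() then makes it safe inside the attribute.  "&amp;" is
     used between parameters so no browser can read "&section" etc. as an entity. -->
<form id="form1" name="form1" method="post" action="add_category.php?section=manage&amp;acpsession=<?php echo htmlspecialchars(urlencode($_GET['acpsession'])); ?>">
<?php if(isset($error)) echo htmlspecialchars($error); ?>
Fixed addpage.php:
<form id="form1" name="form1" onSubmit="javascript:window.onbeforeunload=null;" method="post" action="add_page.php?section=manage&amp;acpsession=<?php echo htmlspecialchars(urlencode($_GET['acpsession'])); ?>">
Fixed admin.php:
<!-- The update notice is a remote page embedded in the admin panel over plain HTTP, so anyone
     on the network path can replace what the admin sees in this frame.  Serving it over https
     (and adding the sandbox attribute to the iframe) would close that; the URL is the author's
     update service and is left as is. -->
<iframe width="250px" frameborder="0" src="http://www.mzbservices.com/blog/getupdates.php?ver=<?php echo htmlspecialchars(urlencode($ver)); ?>"></iframe>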
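darkfreaks Posted December 14, 2008 Share Posted December 14, 2008 Fixed delete_cat.php:
<?php
/*
 * delete_cat.php — deletes a category and, optionally, moves the posts that
 * used it to another category (creating that category if it does not exist).
 *
 * Query-string flags:
 *   cat=<id> godelete=yes   delete the category row
 *   movecat=yes             show the "new category" form; with chget=yes and a
 *                           POSTed newcat, re-label the posts and offer to
 *                           create the category when it is missing
 *   makenew=yes catname=..  create the category and stop
 * Anything else sends the browser back one page, as before.
 *
 * Changes from the earlier version of this file:
 *   - $catid, $newcat, $oldcat and $catname now go through
 *     mysql_real_escape_string() ($catname used addslashes(), which is not
 *     charset-aware; the others were concatenated raw into SQL).
 *   - $_GET['oldcat'], $_GET['cat'] and $_GET['acpsession'] were echoed
 *     unescaped into the form action and the "No" link; they are urlencode()d
 *     and htmlspecialchars()ed now.
 *   - optional request values are read with isset() so the comparisons below
 *     never touch an undefined index, and the closing </div>s are emitted only
 *     by the branch that opened them.
 * NOTE(review): the delete and the category move are triggered by plain GET
 * links/flags; validateSession("acp") checks the admin session but nothing
 * visible here ties the request to a form the admin actually submitted.
 */
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;

$movecat = isset($_GET['movecat']) ? $_GET['movecat'] : '';
$newcat = isset($_POST['newcat']) ? $_POST['newcat'] : '';
$deleteFlag = isset($_GET['godelete']) ? $_GET['godelete'] : '';
$makenew = isset($_GET['makenew']) ? $_GET['makenew'] : '';
$acpsessionUrl = urlencode(isset($_GET['acpsession']) ? $_GET['acpsession'] : '');

include 'header.php';
validateSession("acp");
connect_db();

$catid = mysql_real_escape_string(isset($_GET['cat']) ? $_GET['cat'] : '');

if ($deleteFlag == "yes") {
    mysql_query("DELETE FROM categories WHERE id='$catid'");
}

if ($makenew == "yes") {
    $cat = mysql_real_escape_string(isset($_GET['catname']) ? $_GET['catname'] : '');
    mysql_query("INSERT INTO categories (categories) VALUES('$cat')");
    ?>
<div id="colTwo">
<div class="bg2">
<h2><em>Category</em> Added</h2>
Successfully completed all operations!
</div>
</div>
    <?php
    include 'footer.php';
    exit;
}

if ($movecat != "yes") {
    ?>
<script>
history.back(1);
</script>
    <?php
} elseif (!isset($_GET['chget'])) {
    // First step: ask for the category the posts should be moved to.
    $oldcatParam = urlencode(isset($_GET['oldcat']) ? $_GET['oldcat'] : '');
    $catParam = urlencode(isset($_GET['cat']) ? $_GET['cat'] : '');
    ?>
<div id="colTwo">
<div class="bg2">
<h2><em>Change</em> Categories</h2>
<form name="form1" method="post" action="delete_cat.php?section=manage&amp;movecat=yes&amp;oldcat=<?php echo htmlspecialchars($oldcatParam); ?>&amp;catid=<?php echo htmlspecialchars($catParam); ?>&amp;chget=yes&amp;acpsession=<?php echo htmlspecialchars($acpsessionUrl); ?>">
<br />
<input type="text" name="newcat" id="newcat">
<input type="submit" name="button" id="button" value="Submit" />
</form>
</div>
</div>
    <?php
} else {
    // Second step: re-label the posts, then check whether the target exists.
    $oldcat = mysql_real_escape_string(isset($_GET['oldcat']) ? $_GET['oldcat'] : '');
    $safeNewcat = mysql_real_escape_string($newcat);
    mysql_query("UPDATE posts SET category='$safeNewcat' WHERE category='$oldcat'");
    ?>
<div id="colTwo">
<div class="bg2">
<h2><em>Categories</em> Changed</h2>
All posts have been changed to <?php echo htmlspecialchars($newcat); ?><br />
    <?php
    $runquery = mysql_query("SELECT * FROM categories WHERE categories='$safeNewcat'");
    if (!$runquery || mysql_num_rows($runquery) == 0) {
        ?>
<br />
There is no category with this name. Make one?
<br /><br />
<a href="delete_cat.php?section=manage&amp;acpsession=<?php echo htmlspecialchars($acpsessionUrl); ?>&amp;makenew=yes&amp;catname=<?php echo htmlspecialchars(urlencode($newcat)); ?>">Yes</a> |
<a href="admin.php?section=manage&amp;acpsession=<?php echo htmlspecialchars($acpsessionUrl); ?>">No</a>
        <?php
    }
    ?>
</div>
</div>
    <?php
}
include 'footer.php';
?>
Fixed delete_page.php:
<?php
/*
 * delete_page.php — asks for confirmation, then deletes one page.
 *
 *   ?confirm=no   show the confirmation dialog (client-side) and either
 *                 reload with confirm=yes or go back to manage_pages.php
 *   ?confirm=yes  call deletePage($id)
 * Any other value renders nothing, as before.
 * NOTE(review): deletePage() is defined outside this file; confirm it
 * validates/escapes $id before it reaches a query, since the raw query-string
 * value is passed through here.
 */
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;
include 'header.php';
validateSession("acp");

$id = isset($_GET['id']) ? $_GET['id'] : '';
$confirm = isset($_GET['confirm']) ? $_GET['confirm'] : '';
$acpsessionUrl = urlencode(isset($_GET['acpsession']) ? $_GET['acpsession'] : '');

if ($confirm == "no") {
    // urlencode() (not htmlspecialchars) is the right escaper for values inside
    // a <script> string that is itself a URL.
    ?>
<script>
if (confirm("Are you sure you would like to delete this page?")) {
    window.location = "delete_page.php?section=manage&acpsession=<?php echo $acpsessionUrl; ?>&id=<?php echo urlencode($id); ?>&confirm=yes";
} else {
    alert("Page has not been deleted.");
    window.location = "manage_pages.php?section=manage&acpsession=<?php echo $acpsessionUrl; ?>";
}
</script>
    <?php
} elseif ($confirm == "yes") {
    deletePage($id);
}
?>
Fixed edit_page.php:
<!-- "&section" had been mangled to "§ion" (the legacy &sect entity); written as "&amp;section" it
     cannot be decoded that way.  The query values are urlencode()d, then attribute-escaped. -->
<form id="form1" name="form1" method="post" action="edit_page.php?id=<?php echo htmlspecialchars(urlencode($_GET['id'])); ?>&amp;section=manage&amp;acpsession=<?php echo htmlspecialchars(urlencode($_GET['acpsession'])); ?>">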
ds111 Posted December 15, 2008 Author Share Posted December 15, 2008 thank you. the changes will be included in v1.0.6, scheduled to release in the new year. Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-715526 Share on other sites More sharing options...
ds111 Posted December 15, 2008 Author Share Posted December 15, 2008 does anyone know where i can post my site so i can get more traffic? so that people know about my CMS? so that i can spread the word?? Link to comment https://forums.phpfreaks.com/topic/134700-my-newsblog-cms-website/page/2/#findComment-715528 Share on other sites More sharing options...