Chủ Nhật, 5 tháng 8, 2012

[FIX] XSS Exploit - vBulletin 4.2.0

File: vb/activitystream/view/perm/calendar/event.php



 /**
  * Renders the activity-stream entry for a calendar event.
  *
  * This is the listing before the fix described on this page: nothing in this
  * method HTML-escapes $eventinfo['title'] before $eventinfo is handed to the
  * template. Only the 'preview' field is escaped here.
  *
  * @param $templatename Template name handed to vB_Template::create().
  * @param array $activity Activity row; 'contentid', 'userid' and 'dateline' are read here.
  *
  * @return mixed Whatever the templater's render() call returns (presumably the rendered markup).
  */
 public function fetchTemplate($templatename, $activity)
    {
        // Both variables are references into $this->content, so any write to
        // them below also changes the data held on this object.
        $eventinfo =& $this->content['event'][$activity['contentid']];
        $calendarinfo =& $this->content['calendar'][$eventinfo['calendarid']];


        // Format the activity timestamp with the board's configured date and time formats.
        $activity['postdate'] = vbdate(vB::$vbulletin->options['dateformat'], $activity['dateline'], true);
        $activity['posttime'] = vbdate(vB::$vbulletin->options['timeformat'], $activity['dateline']);


        // Build the preview snippet from the event body. htmlspecialchars_uni() is the
        // outermost call, so the preview is escaped after the quote/BBCode stripping,
        // trimming to the 'as_snippet' option and censoring have run.
        $preview = strip_quotes($eventinfo['event']);
        $eventinfo['preview'] = htmlspecialchars_uni(fetch_censored_text(
            fetch_trimmed_title(strip_bbcode($preview, false, true, true, true),
                vb::$vbulletin->options['as_snippet'])
        ));


        $templater = vB_Template::create($templatename);
            $templater->register('userinfo', $this->content['user'][$activity['userid']]);
            $templater->register('activity', $activity);
            // $eventinfo still carries the title exactly as stored; the fix on this
            // page implies the template prints it without escaping.
            $templater->register('eventinfo', $eventinfo);
            $templater->register('calendarinfo', $calendarinfo);
        return $templater->render();
    }






 Add after the $activity['posttime'] line:



Code:
// HTML-escape the event title before $eventinfo is registered with the template.
$eventinfo['title'] = htmlspecialchars_uni($eventinfo['title']);
Save the file, upload, done.

-> The function with the fix applied:


/**
 * Renders the activity-stream entry for a calendar event, with the event
 * title HTML-escaped before it is passed to the template.
 *
 * @param $templatename Template name handed to vB_Template::create().
 * @param array $activity Activity row; 'contentid', 'userid' and 'dateline' are read here.
 *
 * @return mixed Whatever the templater's render() call returns (presumably the rendered markup).
 */
public function fetchTemplate($templatename, $activity)
    {
        // Both variables are references into $this->content, so any write to
        // them below also changes the data held on this object.
        $eventinfo =& $this->content['event'][$activity['contentid']];
        $calendarinfo =& $this->content['calendar'][$eventinfo['calendarid']];


        // Format the activity timestamp with the board's configured date and time formats.
        $activity['postdate'] = vbdate(vB::$vbulletin->options['dateformat'], $activity['dateline'], true);
        $activity['posttime'] = vbdate(vB::$vbulletin->options['timeformat'], $activity['dateline']);
        // The fix: escape the title so markup stored in it is rendered as text.
        // NOTE(review): $eventinfo is a reference, so the escaped value is written
        // back into $this->content; if this method runs again for the same event on
        // the same object the title would presumably be escaped twice. Confirm, or
        // escape a copy instead.
        $eventinfo['title'] = htmlspecialchars_uni($eventinfo['title']);


        // Build the preview snippet from the event body. htmlspecialchars_uni() is the
        // outermost call, so the preview is escaped after the quote/BBCode stripping,
        // trimming to the 'as_snippet' option and censoring have run.
        $preview = strip_quotes($eventinfo['event']);
        $eventinfo['preview'] = htmlspecialchars_uni(fetch_censored_text(
            fetch_trimmed_title(strip_bbcode($preview, false, true, true, true),
                vb::$vbulletin->options['as_snippet'])
        ));


        // NOTE(review): only 'title' and 'preview' are escaped in this method; the
        // other fields registered below rely on escaping done elsewhere. Verify
        // against the template and the code that fills $this->content.
        $templater = vB_Template::create($templatename);
            $templater->register('userinfo', $this->content['user'][$activity['userid']]);
            $templater->register('activity', $activity);
            $templater->register('eventinfo', $eventinfo);
            $templater->register('calendarinfo', $calendarinfo);
        return $templater->render();
    }
