Hello!

Original article: http://lostmon.blogspot.com/2007/04/posible-patch-for-sitex.html
vendor url: http://sitex.bjsintay.com/
osvdb id: 33158, 33159, 33160, 33161

http://archives.neohapsis.com/archives/bugtraq/2007-02/0477.html
http://www.securityfocus.com/archive/1/archive/1/461305/100/0/threaded
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1234

After studying these vulns I found a simple possible patch:

Some other params are affected, like albumid upon submission to albun.php,
the username box upon submission to login.php, and multiple other params.

Most of those flaws could be solved by a simple "emergency" patch
before the vendor releases an update or a patch.

Open includes/functions.php; around lines 12-13 we have this code:

// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -
// Convert post, get, and server variables for shorthand use and
// register globals compatibility
if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = $v;
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = $v;
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = $v;
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = $v;
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = $v;
// Prevent PHP include vulnerability, initialize important vars, will be over-written

#################################################################
You can change it to this:
################################################################

// StopXSS function to mitigate the possible XSS flaws
// use StopXSS(param or function)
function StopXSS($text){
    $text = preg_replace("/(\<script)(.*?)(script>)/si", "", "$text");
    $text = strip_tags($text);
    $text = str_replace(array("'","\"",">","<","\\"), "", $text);
    return $text;
}

// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -
// Convert post, get, and server variables for shorthand use and
// register globals compatibility
if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = StopXSS($v);
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = StopXSS($v);
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = StopXSS($v);
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = StopXSS($v);
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = StopXSS($v);
// Prevent PHP include vulnerability, initialize important vars, will be over-written

#####################################################################

And most of the XSS flaws are now solved :D

Thanks for your time!!!

Thanks to OSVDB!!!

--
Sincerely:
Lostmon (lostmon@xxxxxxxxx)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
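
An added example, not part of the original post or of SiteX: the same emergency filter extended to array-valued parameters (for instance albumid[]=...), which the StopXSS() above does not handle because strip_tags() expects a string, together with encoding at output time. The helper names StopXSSDeep() and e() and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration; StopXSSDeep() and e() are hypothetical helper names.

// The filter from the post, unchanged in behaviour.
function StopXSS($text) {
    $text = preg_replace("/(\<script)(.*?)(script>)/si", "", "$text");
    $text = strip_tags($text);
    $text = str_replace(array("'", "\"", ">", "<", "\\"), "", $text);
    return $text;
}

// Apply StopXSS() to scalars and walk nested arrays (keys included),
// so that array-valued request parameters are filtered as well.
function StopXSSDeep($value) {
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $k => $v) {
            $clean[StopXSS((string) $k)] = StopXSSDeep($v);
        }
        return $clean;
    }
    return StopXSS((string) $value);
}

// Encode at the point of output, so markup in a value is displayed as
// text even if the value reached the page without passing the filter.
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_GET.
$sample = array(
    'albumid'  => array('1', '<script>x</script>2'),
    'username' => '"><b>bob</b>',
);

// Filtered copy of the request data, as the import loop would receive it.
$clean = StopXSSDeep($sample);
print_r($clean);

// The raw value, HTML-encoded for safe display.
echo e($sample['username']), "\n";
```

In the import loop this would replace each StopXSS($v) call with StopXSSDeep($v); e() is for the places where a variable is printed into HTML.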