PunBB Resource

Your ultimate PunBB resource!


#1 2006-05-30 09:56:06

agravetoncas
Member
From: #gentoo on freenode
Registered: 2005-11-17
Posts: 26
Website

guest can select $pun_user['language']

hello everybody,

open include/functions.php
goto :

Code:

function check_cookie(&$pun_user)

find :

Code:

global $db, $pun_config, $cookie_name, $cookie_seed;

replace with :

Code:

global $db, $pun_config, $cookie_name, $cookie_seed, $tmplang;

after:

Code:

    if (isset($_COOKIE[$cookie_name]))
        list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);

paste :

Code:

    if (isset($_GET['language']))
        $tmplang = $_GET['language'];
    elseif (isset($_COOKIE['language']))
        $tmplang = $_COOKIE['language'];
    else
        $tmplang = "foo";

find :

Code:

    else
        set_default_user();

replace with :

Code:

    else
    {
        set_default_user();
        if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language']))
            $pun_user['language'] = $pun_config['o_default_lang'];

        setcookie('language', $pun_user['language'], $expire);
    }

goto :

Code:

function set_default_user()

find :

Code:

global $db, $pun_user, $pun_config;

replace with :

Code:

global $db, $pun_user, $pun_config, $tmplang;

find :

Code:

$pun_user['language'] = $pun_config['o_default_lang'];

replace with :

Code:

//$pun_user['language'] = $pun_config['o_default_lang'];
$pun_user['language'] = $tmplang;

Not releasing it as a mod because it is part of a mod I am making.

However, if you think this could cause security issues, please post reply.

Good day.

Last edited by agravetoncas (2006-05-30 15:25:41)

Offline

 

#2 2006-06-16 10:30:13

-J-
Member
Registered: 2005-05-24
Posts: 27

Re: guest can select $pun_user['language']

Is there a way to see a demo, agravetoncas? I'm pretty interested :)

Offline

 

#3 2006-06-16 10:44:15

Smartys
Member
Registered: 2005-03-18
Posts: 314
Website

Re: guest can select $pun_user['language']

agravetoncas wrote:

However, if you think this could cause security issues, please post reply.

*replies* :P


Free PunBB Hosting - lots of mods, easy to customize

Offline

 

#4 2006-06-19 14:50:11

agravetoncas
Member
From: #gentoo on freenode
Registered: 2005-11-17
Posts: 26
Website

Re: guest can select $pun_user['language']

Smartys wrote:

agravetoncas wrote:

However, if you think this could cause security issues, please post reply.

*replies* :P

please make a smart reply :)
demo can be found on leetnoob.info

Offline

 

#5 2008-02-09 02:48:20

Smartys
Member
Registered: 2005-03-18
Posts: 314
Website

Re: guest can select $pun_user['language']

Well, late bump, but allowing users to specify the path to an arbitrary PHP file on a server is quite a huge security flaw.


Free PunBB Hosting - lots of mods, easy to customize

Offline
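
Added example (not part of the thread and not PunBB code): the `file_exists()` check from post #1 next to an allow-list of installed language packs, which closes the flaw pointed out in post #5. The function names and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not PunBB code. Function names and the demo tree are hypothetical.

// The check from post #1: passes for any path that exists relative to lang/.
function post_check(string $root, string $lang): bool
{
    return file_exists($root . 'lang/' . $lang);
}

// Language packs actually installed: sub-directories of lang/ holding common.php.
function installed_languages(string $root): array
{
    $packs = [];
    foreach (scandir($root . 'lang') ?: [] as $entry) {
        if ($entry[0] !== '.' && is_file($root . "lang/$entry/common.php")) {
            $packs[] = $entry;
        }
    }
    return $packs;
}

// Accept the request value only if it is a string equal to an installed pack name.
// Same precedence as the post: GET first, then the cookie, then the default.
function guest_language(array $get, array $cookie, array $packs, string $default): string
{
    $wanted = $get['language'] ?? $cookie['language'] ?? null;
    return (is_string($wanted) && in_array($wanted, $packs, true)) ? $wanted : $default;
}

// Constructed demo tree in a temp directory (runs offline).
$root = sys_get_temp_dir() . '/punbb_lang_demo_' . getmypid() . '/';
foreach (['lang/English', 'lang/French', 'uploads'] as $dir) {
    mkdir($root . $dir, 0700, true);
    file_put_contents($root . $dir . '/common.php', "<?php // constructed\n");
}
$packs = installed_languages($root);

// Constructed inputs: a valid pack, a path outside lang/, an unknown name, a non-string.
foreach (['French', '../uploads', 'Klingon', ['x']] as $input) {
    $label = is_string($input) ? $input : 'array';
    $old = is_string($input) && post_check($root, $input) ? 'accepted' : 'rejected';
    $new = guest_language(['language' => $input], [], $packs, 'English');
    printf("%-12s post check: %-8s allow-list result: %s\n", $label, $old, $new);
}
```

Comparing against the list of installed packs means the request value is never concatenated into a filesystem path, so the later include of the language files can only reach directories that really are language packs.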

 
