Recent Topics

Security issue!

started by on Jan 06, 2005 – Last touched: May 31, 2013

Jan 06, 2005 19:56    

There is an SQL injection security issue in the latest releases (up to 0.9.0.11). It will be fixed in 0.9.0.12 but you are invited to take preventive action and apply one of the following patch methods:

1: manual edit:

Open the file /blogs/b2evocore/_class_itemlist.php and find the following code around lines 197-201:

Code

// if a post urltitle is specified, load that post
    if( !empty( $title ) )
    {
      $where .= " AND post_urltitle = '$title'";
    }

Replace these lines like this:

Code

// if a post urltitle is specified, load that post
    if( !empty( $title ) )
    {
      $where .= ' AND post_urltitle = '.$DB->quote($title);
    }

2: patch files

Download the following file:
http://prdownloads.sourceforge.net/evocms/b2evo-0-9-0-11-fix.zip?download , unzip it and replace the two enclosed files in in the blogs/b2evocore folder.

This second method also fixes a small harmless bug that would cause an error when testing the SQL injection issue is fixed.

Jan 06, 2005 22:14

This file is in b2evocore folder ;)

Jan 09, 2005 18:39

I'm still using 0.8.7, and don't have that section in _class_itemlist.php - am I ok?

Jan 10, 2005 13:19

I *think* 0.8.7 did not have ant $title handling, so you *might* be okay. But there is no way I can guarantee anything about old releases like 0.8.7 .

Jan 10, 2005 14:23

Ok, thanks Francoise. I added the title handling myself, so I'll take the risk.

Jan 21, 2005 02:08

Greets - I just checked the relevant file for this bug and found it to exist. I am currently running v9.10.0.

Apr 20, 2005 18:28

providing your logs to francois would be the thing to do.. BUT, fyi, the screenshot you have of the b2evolution website having "lost its skin" .. I see that ALOT here because the server seems to slow down, and the stylesheet doesnt get rendered ... not seeing a particular style isnt an accurate indication of an exploit.

Like I said, sending an email to francois with your apache logs and as much other info as you can provide (times etc..) would certainly go further than one post here as francois will probably see his email before he comes here.

I wont even ask why you posted on your blog about this 3 days before your post here .. Ill just assume you have already contacted francois and leave well enough alone. Cant fix it if they dont know its broke :(

Apr 25, 2005 10:58

Hi whoo

I have been in contact with Francois, and he's sure there was no exploit of the actual b2evolution site, so it must just have been a style sheet issue, as you mention.

Apr 25, 2005 13:13

yeap greenman, I read his reply on your blog regarding this domain. Im still not sure about what happened to your own blog, but thats not for me to wonder, I reckon.


Form is loading...

blogtool – This forum is powered by b2evolution CMS, a complete engine for your website.