New Bug

sup_iran · August 18, 2007, 05:36:23 AM

Hello,
My friends find one bug in smf.

http://www.simplemachines.org/community/index.php?action=helpadmin;help=This+Site+Hacked+By+Iran+Modern+Security+Team

Good luck

ioszilla · August 18, 2007, 05:50:54 AM

ROFLMAO

Dragooon · August 18, 2007, 06:43:19 AM

Well. ROFLMAORLFMAOLMFAO

sup_iran · August 18, 2007, 12:46:39 PM

Scary Boys Find this bug

;-)

Smith6612 · August 18, 2007, 12:47:37 PM

LOL.... what a laugh! It's funny though, how Google hasn't found that on my forum yet.

karlbenson · August 18, 2007, 12:50:55 PM

Its not a serious security exploit that they can little sentence to appear. (works on 2.0 and 1.1.3)
Because they can't use it exploit it to any benefit as bbcode or html won't work. (it has php function addslashes on it)

This bug is because when the $_GET['helpadmin'] string is passed.
If there is no string wwithin the $helptxt[] string array with that key, it just writes the $_GET['helpadmin'] string (after its make safe)

It should be easily fixable. I'm not worried.

karlbenson · August 18, 2007, 01:02:21 PM

Also let google grab this
http://www.simplemachines.org/community/index.php?action=helpadmin;help=This%20is%20an%20important%20key%20:45%205F%20E1%2004%2022%20CA%2029%20C4%2093%203F%2095%2005%202B%2079%202A%20B2

If you don't know what it is just ignore it. If you do

sup_iran · August 18, 2007, 01:12:05 PM

Hello
yes
is not good bug
is GET

;-)

Smith6612 · August 18, 2007, 01:47:35 PM

What does that link up there show?

karlbenson · August 18, 2007, 03:11:40 PM

Google it to find out

sup_iran · August 19, 2007, 06:42:29 AM

Quote from: karlbenson on August 18, 2007, 12:50:55 PM
Its not a serious security exploit that they can little sentence to appear. (works on 2.0 and 1.1.3)
Because they can't use it exploit it to any benefit as bbcode or html won't work. (it has php function addslashes on it)

This bug is because when the $_GET['helpadmin'] string is passed.
If there is no string wwithin the $helptxt[] string array with that key, it just writes the $_GET['helpadmin'] string (after its make safe)

It should be easily fixable. I'm not worried.

Hello
in where file we can solved it?

THanks

karlbenson · August 19, 2007, 08:45:11 AM

Open Sources/Help.php

Find @ line 106 (in clean 1.1.3 files)

Code Select


		$context['help_text'] = $_GET['help'];

Replace with

Code Select


		$context['help_text'] = '';

or
put some custom text

Code Select


		$context['help_text'] = 'Help string not found.';

News:

New Bug