kayjay
Joined: 06 Mar 2003 Posts: 4 Location: Sydney, Australia
Posted: Tue Oct 07, 2003 12:40 am Post subject: Security: SQL Injection.
Hi,
I found the following advisory while reading through Bugtraq:
http://archives.neohapsis.com/archives/bugtraq/2003-10/0032.html
I was wondering if I could get confirmation that the vulnerable code has been fixed in b2 CVS, as according to the advisory the issues have been inherited from b2 code that forms the codebase of WordPress.
WordPress seems to have their code updated, but as I am unsure of the affected files in b2 I can't check timestamps etc.
Cheers,
kayjay
Viper007Bond
Joined: 15 Aug 2003 Posts: 266 Location: Portland, Oregon, USA
Posted: Tue Oct 07, 2003 2:51 am Post subject:
Well, seeing how b2 is dead and hasn't been updated in forever, I doubt it...
_________________
http://www.viper007bond.com
If you haven't already installed b2, I advise you look into WordPress or b2evo instead as b2 is dead.
allusion
Joined: 16 Jun 2002 Posts: 73 Location: Houston
Posted: Wed Oct 08, 2003 10:37 am Post subject:
b2 is vulnerable. I'm going to patch it and release a security update to the SourceForge download page when I package the new version of WordPress. I recommend, of course, that you upgrade to WordPress, but if for whatever reason you're still with b2 you shouldn't have to stay vulnerable.
_________________
Matthew Mullenweg
WordPress
epolady
Joined: 30 Jul 2002 Posts: 800 Location: Texas
Posted: Wed Oct 08, 2003 11:07 am Post subject:
allusion wrote:
    b2 is vulnerable. I'm going to patch it and release a security update to the SourceForge download page when I package the new version of WordPress. I recommend, of course, that you upgrade to WordPress but if for whatever reason you're still with b2 you shouldn't have to stay vulnerable.
Thank you, Matt.
Do you know why (since WP is the official branch of b2) these forums are still up and the downloads are still available? I figured it would be easier to just forward everyone to use WP instead of a (very) outdated b2. Each day, more and more people are using the outdated version of b2.
Speaking for myself, I plan on upgrading to WordPress once I get private entries working.
_________________
No more support from me. Goodbye!
Go upgrade to WordPress, you'll find better support there.
mcgub
Joined: 19 Apr 2003 Posts: 27
Posted: Fri Oct 10, 2003 1:13 am Post subject:
The reason I still use B2 is that I have it hacked to perfection. It would be a daunting task to have WP do the things that B2 is doing for me now.
The ongoing support and this forum are greatly appreciated by me and many others. When something works, I see no need to change.
_________________
7 out of 10 voices in my head say I'm not crazy
Viper007Bond
Joined: 15 Aug 2003 Posts: 266 Location: Portland, Oregon, USA
Posted: Fri Oct 10, 2003 3:38 am Post subject:
Ditto. b2 does everything I need it to, which is fine with me.
_________________
http://www.viper007bond.com
If you haven't already installed b2, I advise you look into WordPress or b2evo instead as b2 is dead.
allusion
Joined: 16 Jun 2002 Posts: 73 Location: Houston
epolady
Joined: 30 Jul 2002 Posts: 800 Location: Texas
Posted: Fri Oct 10, 2003 10:42 am Post subject:
Thank you very much. Although (I mentioned this on the front page), I'm getting 404s on the file downloads for both the tar.gz & zips.
Thanks again.
_________________
No more support from me. Goodbye!
Go upgrade to WordPress, you'll find better support there.
Viper007Bond
Joined: 15 Aug 2003 Posts: 266 Location: Portland, Oregon, USA
Posted: Fri Oct 10, 2003 8:48 pm Post subject:
They worked for me and are working now as well.
_________________
http://www.viper007bond.com
If you haven't already installed b2, I advise you look into WordPress or b2evo instead as b2 is dead.
Cyberian75
Joined: 26 Sep 2002 Posts: 1019 Location: Oregon
Posted: Wed Nov 05, 2003 6:36 pm Post subject:
The reason why I don't want to upgrade to WordPress, or even the latest version of b2 if there were any, is the same as some of yours. I have hacked it so much to my liking that I don't even want to change the layout of my site. It took me over 4 months, because I was a complete newbie to PHP before that.
Anyway, could you tell us exactly what changes were made to the file "blog.header.php"? I updated it, but I don't see the changes made.
Thanks.
_________________
Michael P.
stevem
Joined: 15 Mar 2003 Posts: 194
Posted: Sun Nov 30, 2003 5:29 pm Post subject:
Cyberian75 wrote:
    Anyway, could you tell us exactly what changes were made to the file "blog.header.php"? I updated it, but I don't see the changes made.
I did a file compare between blog.header.php for versions 0.6.1 and 0.6.2.2, which may help. Most of the changes seem to be the use of the function intval.
Code:
Comparing files blog.header.php 0.6.2.2 and blog.header.php 0.6.1
***** blog.header.php 0.6.2.2
<?php
$use_cache = 1;
***** blog.header.php 0.6.1
<?php
$use_cache = 1;
*****
***** blog.header.php 0.6.2.2
/* Sending HTTP headers */
@header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
@header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
@header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
@header("Cache-Control: post-check=0, pre-check=0", false);
@header("Pragma: no-cache"); // HTTP/1.0
@header ("X-Pingback: $pathserver/xmlrpc.php");
***** blog.header.php 0.6.1
/* Sending HTTP headers */
$last_modified_header = mysql2date('D, d M Y H:i:s', get_lastpostdate());
@header ("X-Pingback: $pathserver/xmlrpc.php");
@header ("Last-Modified: $last_modified_header");
@header ('ETag: "'.md5($last_modified_header.$pagenow).'"');
*****
***** blog.header.php 0.6.2.2
if ($posts) {
$posts = (int)$posts;
$posts_per_page=$posts;
}
// if a month is specified in the querystring, load that month
***** blog.header.php 0.6.1
if ($posts)
$posts_per_page=$posts;
// if a month is specified in the querystring, load that month
*****
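Review bot: the `(int)` cast in `$posts = (int)$posts;` closes the injection path for this value, but it runs inside `if ($posts)`, so a non-empty, non-numeric value is truthy and casts to 0, which then becomes `$posts_per_page` instead of whatever default it held. Cast first and only override when the result is positive, e.g. `$posts = (int)$posts; if ($posts > 0) $posts_per_page = $posts;`.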
***** blog.header.php 0.6.2.2
$cat = explode('-',$cat);
$cat = intval($cat[1]);
} else {
***** blog.header.php 0.6.1
$cat = explode('-',$cat);
$cat = $cat[1];
} else {
*****
***** blog.header.php 0.6.2.2
$cat_array = explode(' ',$cat);
$whichcat .= ' AND (post_category '.$eq.' '.intval($cat_array[0]);
for ($i = 1; $i < (count($cat_array)); $i = $i + 1) {
$whichcat .= ' '.$andor.' post_category '.$eq.' '.intval($cat_array[$i]);
}
***** blog.header.php 0.6.1
$cat_array = explode(' ',$cat);
$whichcat .= ' AND (post_category '.$eq.' '.$cat_array[0];
for ($i = 1; $i < (count($cat_array)); $i = $i + 1) {
$whichcat .= ' '.$andor.' post_category '.$eq.' '.$cat_array[$i];
}
*****
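Review bot: wrapping each `$cat_array[$i]` in `intval()` fixes the operands, but `$eq` and `$andor` are concatenated into the same clause and are not assigned anywhere in this hunk; the fix is only complete if both are constrained to fixed tokens (`=`/`!=`, `AND`/`OR`) at the point where they are set. Worth confirming, because an unconstrained operator string would reopen the clause regardless of the intval calls on the values.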
***** blog.header.php 0.6.2.2
$whichcat .= ')';
}
// author stuff
if ((empty($author)) || ($author == 'all') || ($author == '0')) {
$whichauthor='';
} else {
$author = ''.urldecode($author).'';
$author = addslashes_gpc($author);
if (stristr($author, '-')) {
***** blog.header.php 0.6.1
$whichcat .= ')';
}
// author stuff
if ((!empty($author)) || ($author == 'all') || ($cat == '0')) {
$whichauthor='';
} elseif (intval($author)) {
$author = intval($author);
if (stristr($author, '-')) {
*****
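Review bot: the 0.6.1 condition `(!empty($author)) || ($author == 'all') || ($cat == '0')` contains two logic errors (an inverted `!empty`, and `$cat` where `$author` was meant) that 0.6.2.2 corrects to `(empty($author)) || ($author == 'all') || ($author == '0')`; that deserves its own changelog line, since it changes behaviour for every request with an author filter, not just hostile ones. The added `addslashes_gpc($author)` is redundant once the author values are reduced to integers with `intval()` further down, but it is harmless.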
***** blog.header.php 0.6.2.2
$author = explode('-', $author);
$author = ''.intval($author[1]);
} else {
***** blog.header.php 0.6.1
$author = explode('-', $author);
$author = $author[1];
} else {
*****
***** blog.header.php 0.6.2.2
$author_array = explode(' ', $author);
$whichauthor .= ' AND (post_author '.$eq.' '.intval($author_array[0]);
for ($i = 1; $i < (count($author_array)); $i = $i + 1) {
$whichauthor .= ' '.$andor.' post_author '.$eq.' '.intval($author_array[$i]);
}
$whichauthor .= ')';
}
***** blog.header.php 0.6.1
$author_array = explode(' ', $author);
$whichauthor .= ' AND post_author '.$eq.' '.$author_array[0];
for ($i = 1; $i < (count($author_array)); $i = $i + 1) {
$whichauthor .= ' '.$andor.' post_author '.$eq.' '.$author_array[$i];
}
}
*****
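Review bot: the missing parentheses in the 0.6.1 `$whichauthor` chain are a precedence bug independent of the injection fix: when `$andor` is `OR`, `... AND post_author = a OR post_author = b` lets the second comparison bypass every other condition in the WHERE clause. The `' AND (post_author ...` opening and the `$whichauthor .= ')'` closing in 0.6.2.2 fix this and bring the clause in line with the `$whichcat` construction above; call it out separately from the intval changes.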
***** blog.header.php 0.6.2.2
} else {
// used to filter values
$allowed_keys = array('author','date','category','title');
$orderby = urldecode($orderby);
***** blog.header.php 0.6.1
} else {
$orderby = urldecode($orderby);
*****
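Review bot: an allowlist (`$allowed_keys`) is the right control here, since an ORDER BY column is an identifier and cannot be neutralised by `intval()` or quoting. Note that `$orderby = urldecode($orderby)` correctly runs before the membership check that follows, so the comparison sees the decoded value; any later edit must keep the decode ahead of the check.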
***** blog.header.php 0.6.2.2
$orderby_array = explode(' ',$orderby);
if (!in_array($orderby_array[0],$allowed_keys)) {
$orderby_array[0] = 'date';
}
$orderby = $orderby_array[0].' '.$order;
***** blog.header.php 0.6.1
$orderby_array = explode(' ',$orderby);
$orderby = $orderby_array[0].' '.$order;
*****
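Review bot: `$order` is appended unchecked in `$orderby = $orderby_array[0].' '.$order;` and is not assigned in this hunk; the `in_array` check covers only the column, so `$order` needs the same treatment where it is set (accept exactly `ASC` or `DESC`, default otherwise). The fallback to `'date'` is a good choice of safe default.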
***** blog.header.php 0.6.2.2
for ($i = 1; $i < (count($orderby_array)); $i = $i + 1) {
// Only allow certain values for safety
if (in_array($orderby_array[$i],$allowed_keys)) {
$orderby .= ',post_'.$orderby_array[$i].' '.$order;
}
}
***** blog.header.php 0.6.1
for ($i = 1; $i < (count($orderby_array)); $i = $i + 1) {
$orderby .= ',post_'.$orderby_array[$i].' '.$order;
}
*****
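Review bot: rejected values are handled inconsistently: the first element falls back to `'date'`, later elements are dropped silently, and neither case is recorded, which leaves probing of this parameter invisible in the logs. Suggest one shared handling (drop or default) plus an `error_log()` call naming the rejected token, so repeated bad values can be spotted by whoever watches the server.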
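To make the effect of the 0.6.2.2 changes visible without installing b2, here is an added example (not code from the compare above or from the b2/WordPress projects) that lifts the two query-building patterns into stand-alone PHP functions and runs them over constructed input. It assumes, where the compare does not say, that `$eq` and `$andor` are fixed application tokens, that ORDER BY columns carry the `post_` prefix, and that `$order` may only be `ASC` or `DESC`; the rejected-token logging is likewise an addition.

```php
<?php
// Added example; not code from the blog.header.php compare or from b2/WordPress.
// Assumptions (not stated in the compare): $eq and $andor are fixed tokens
// chosen by the application ('=' / '!=' and 'AND' / 'OR'), ORDER BY columns
// carry the post_ prefix, and $order may only be ASC or DESC.

// 0.6.1 shape: category tokens are concatenated exactly as received.
function whichcat_unsanitised(string $cat, string $eq, string $andor): string
{
    $cat_array = explode(' ', $cat);
    $whichcat = ' AND (post_category ' . $eq . ' ' . $cat_array[0];
    for ($i = 1; $i < count($cat_array); $i++) {
        $whichcat .= ' ' . $andor . ' post_category ' . $eq . ' ' . $cat_array[$i];
    }
    return $whichcat . ')';
}

// 0.6.2.2 shape: every token is reduced to an integer before it reaches the SQL.
function whichcat_hardened(string $cat, string $eq, string $andor): string
{
    $cat_array = explode(' ', $cat);
    $whichcat = ' AND (post_category ' . $eq . ' ' . intval($cat_array[0]);
    for ($i = 1; $i < count($cat_array); $i++) {
        $whichcat .= ' ' . $andor . ' post_category ' . $eq . ' ' . intval($cat_array[$i]);
    }
    return $whichcat . ')';
}

// ORDER BY: a column name is an identifier, so intval() or quoting cannot help;
// only an allowlist does. Unlike the compare, $order is constrained here as well.
function orderby_hardened(string $orderby, string $order): string
{
    $allowed_keys = ['author', 'date', 'category', 'title'];
    $order = (strtoupper($order) === 'ASC') ? 'ASC' : 'DESC';

    $parts = explode(' ', urldecode($orderby));
    if (!in_array($parts[0], $allowed_keys, true)) {
        $parts[0] = 'date';                                // safe default, as in 0.6.2.2
    }
    $sql = 'post_' . $parts[0] . ' ' . $order;
    for ($i = 1; $i < count($parts); $i++) {
        if (in_array($parts[$i], $allowed_keys, true)) {
            $sql .= ', post_' . $parts[$i] . ' ' . $order;
        } else {
            error_log("orderby: rejected token '{$parts[$i]}'"); // trace for detection (added)
        }
    }
    return $sql;
}

// Builds the before/after clauses for each request so they can be compared.
function demo(array $requests): array
{
    $rows = [];
    foreach ($requests as $r) {
        $rows[] = [
            'input'      => $r['cat'],
            'before_fix' => whichcat_unsanitised($r['cat'], '=', 'OR'),
            'after_fix'  => whichcat_hardened($r['cat'], '=', 'OR'),
            'orderby'    => orderby_hardened($r['orderby'], $r['order']),
        ];
    }
    return $rows;
}

// Constructed inputs: an ordinary request, then one whose category value
// carries non-numeric SQL tokens of the kind the advisory describes.
$requests = [
    ['cat' => '3 7',      'orderby' => 'date title', 'order' => 'DESC'],
    ['cat' => '7)OR(1=1', 'orderby' => 'title bogus', 'order' => 'asc'],
];

foreach (demo($requests) as $row) {
    foreach ($row as $k => $v) {
        printf("%-11s%s\n", $k . ':', $v);
    }
    echo "\n";
}
```

For the first request both builders yield ` AND (post_category = 3 OR post_category = 7)`. For the second, the 0.6.1 shape produces ` AND (post_category = 7)OR(1=1)`, where the attacker-supplied text has become part of the query, while the 0.6.2.2 shape produces ` AND (post_category = 7)` because `intval()` keeps only the leading digits of the token; the ORDER BY builder returns `post_title ASC` and logs the rejected token `bogus`.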