来源:自学PHP网 时间:2015-04-17 14:46 作者: 阅读:次
[导读] Title: phpBB AJAX Chat/Shoutbox MOD CSRF VulnerabilityRelease Date: 2011-04-30Product Affected: http://startrekaccess.com/community/viewtopic.php?f=127t=8675Responsible Disclosure:Afte......
Title: phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability Release Date: 2011-04-30 Product Affected: http://startrekaccess.com/community/viewtopic.php?f=127&t=8675 Responsible Disclosure: After repeated attempts to get the vendor to fix this flaw, he has told me to "Please \ stop taking up my time with something this trivial." I have provided a risk \ assessment, sources on CSRF including OWASP and my implementation on how to fix it. If after a reasonable attempt to make the vendor realise it is a vulnerability, the \ vendor refuses to acknowledge the flaw, the vulnerability will be publicly published. First vendor contact was made on 2011-04-24 and continued till the 29th where he cut \ contact. Discription: All actions taken on chat.php are not protected against CSRF, this includes add and \ delete chat messages. Solution: This solution carries no warranty or guarantees, that said it works with the version \ I have. In config.php $secretKey = 'CHANGE THIS TO SOMETHING SECURE'; in shout.php 116: 'CHAT_MAC' => hash_hmac('ripemd160', $user->data['user_id'], $secretKey) in chat.php 49: $chatMAC = request_var('mac', ''); 56: if($mode AND $chatMAC != hash_hmac('ripemd160', $user->data['user_id'], $secretKey)) \ //action taken { die('Hacking attempt! (CSRF)'); } 257: 'CHAT_MAC' => hash_hmac('ripemd160', $user->data['user_id'], $secretKey) in templates: after param = 'mode=' + mode; Add param += '&mac=' + '{CHAT_MAC}'; |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com