
Forum » Development roadmap » [Resolved] - Ghost form in user
Posted: 6 March 2021, 17:52
[code php]
/************************************************************************/
/* DUNE by NPDS */
/* =========================== */
/* */
/* Ghost form security patch */
/* For NPDS REvolution 13, REvolution 16 to 16.2 */
/* */
/* NPDS Copyright (c) 2001-2021 by Philippe Brunier */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License. */
/* */
/* 06/03/2021 : by @nicolas2 @jpb @npdstesteur */
/************************************************************************/
[/code]
Problem:
security
Description:
a flaw allowing user accounts to be created outside of any control, and even XSS attacks!
Affected versions:
13 to 16.2, and most probably every older version ...
Severity:
serious
File concerned:
user.php
Applying the patch:
REvolution 13
Select lines 209 and 210:
[code php]
global $NPDS_Prefix;
global $makepass, $system, $adminmail, $sitename, $AutoRegUser, $memberpass, $gmt;
[/code]
=> Replace with:
[code php]
global $NPDS_Prefix, $makepass, $system, $adminmail, $sitename, $AutoRegUser, $memberpass, $gmt, $NPDS_Key, $nuke_url;
if (!isset($_SERVER['HTTP_REFERER'])) {
    // No Referer header at all: treat the submission as a ghost form
    Ecr_Log('security', 'Ghost form in user.php registration. => NO REFERER', '');
    L_spambot('', "false");
    include('admin/die.php');
    die();
}
else if ($_SERVER['HTTP_REFERER'].$NPDS_Key !== $nuke_url.'/user.php'.$NPDS_Key) {
    // Referer is not this site's user.php: treat the submission as a ghost form
    Ecr_Log('security', 'Ghost form in user.php registration. => '.$_SERVER["HTTP_REFERER"], '');
    L_spambot('', "false");
    include('admin/die.php');
    die();
}
[/code]
REvolution 16, all versions
=> Find and select the lines:
[code php]
function finishNewUser($uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $user_lnl, $C1, $C2, $C3, $C4, $C5, $C6, $C7, $C8, $M1, $M2, $T1, $T2, $B1) {
global $NPDS_Prefix;
global $makepass, $system, $adminmail, $sitename, $AutoRegUser, $memberpass, $gmt;
[/code]
=> Replace with:
[code php]
function finishNewUser($uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $user_lnl, $C1, $C2, $C3, $C4, $C5, $C6, $C7, $C8, $M1, $M2, $T1, $T2, $B1) {
global $NPDS_Prefix, $makepass, $system, $adminmail, $sitename, $AutoRegUser, $memberpass, $gmt, $NPDS_Key, $nuke_url;
if (!isset($_SERVER['HTTP_REFERER'])) {
    // No Referer header at all: treat the submission as a ghost form
    Ecr_Log('security', 'Ghost form in user.php registration. => NO REFERER', '');
    L_spambot('', "false");
    include('admin/die.php');
    die();
}
else if ($_SERVER['HTTP_REFERER'].$NPDS_Key !== $nuke_url.'/user.php'.$NPDS_Key) {
    // Referer is not this site's user.php: treat the submission as a ghost form
    Ecr_Log('security', 'Ghost form in user.php registration. => '.$_SERVER["HTTP_REFERER"], '');
    L_spambot('', "false");
    include('admin/die.php');
    die();
}
[/code]
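To see exactly which registration requests the patch lets through, here is its Referer test factored into a stand-alone function and run against a few constructed Referer values. This is an added example, not code from the NPDS patch; `$nuke_url` and `$NPDS_Key` are the NPDS globals the patch reads, and the values given to them below are made up.

```php
<?php
// Added example: the ghost-form Referer check from the patch, isolated so it can be
// exercised offline. $nuke_url / $npds_key stand in for the NPDS globals (constructed values).

function ghostform_referer_ok(?string $referer, string $nuke_url, string $npds_key): bool
{
    if ($referer === null) {
        return false;                       // request carried no Referer header at all
    }
    // Same comparison as the patch. Appending $NPDS_Key to both sides does not change
    // the result: only the exact string $nuke_url.'/user.php' is accepted.
    return ($referer . $npds_key) === ($nuke_url . '/user.php' . $npds_key);
}

$nuke_url = 'https://site.example';   // constructed site URL
$npds_key = 'constructed-key';        // constructed key

// Constructed Referer values a registration POST might arrive with.
$cases = [
    'exact user.php page'     => 'https://site.example/user.php',
    'no Referer header'       => null,
    'form hosted off-site'    => 'https://other-site.example/form.html',
    'user.php with query'     => 'https://site.example/user.php?op=new_user',
    'http instead of https'   => 'http://site.example/user.php',
];

foreach ($cases as $label => $referer) {
    $verdict = ghostform_referer_ok($referer, $nuke_url, $npds_key)
        ? 'accepted'
        : 'rejected: logged via Ecr_Log, L_spambot counted, admin/die.php';
    printf("%-24s %s\n", $label, $verdict);
}
```

Only the first case passes: a request whose Referer differs in scheme or carries a query string is rejected along with off-site forms, which is worth knowing when reading the security log after applying the patch. The Referer header is supplied by the client (and is often stripped by browser privacy settings or proxies), so this check stops off-site ghost forms and naive bots rather than replacing a per-session form token.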
This article comes from Labo NPDS 2015-2025
https://labo.infocapagde.com/viewtopic.php?topic=1477&forum=21