phpBB.de - Die deutsche phpBB-Community
https://www.phpbb.de/community/
GrussHello Underhill,
Your report "phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit" has been closed because your report has been already reported and is currently worked on.
Thank you very much for reporting this issue though.
Comment added by team member:
Someone else has linked this report, so I'm going to close this one.
However initial reading of it suggests that it requires rather a lot of things to be valid at the same time for anything to be possible via it.
Either they need the admin's password in order to gain an admin session to use it (a cookie on it's own is no use since you need to re-auth to the admin panel). And if someone has this there are a number of things that are possible quite clearly without going to this extent.
Or they need the admin to have re-authenticated to the admin panel in this current session, for the person using this to have obtained their session id, for them to make use of this session id within the session period (generally 60 minutes from when the admin last used it) and for them to be on the same /24 subnet as that admin. Which whilst possible, is a very unlikely combination of circumstances.
So whilst we will be looking at this further, since there is a possibility that the sanity checking in place on this variable (which is in a different file to those mentioned in that code) might have a problem, it is not a particularly significant issue
--
- The phpBB Group
http://www.phpbb.com
Code: Alles auswählen
$no_page_header = TRUE;
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/sql_parse.'.$phpEx);Code: Alles auswählen
$sql = "SELECT s.session_id, s.session_ip FROM ".SESSIONS_TABLE." s WHERE s.session_id = '". str_replace("\'", "''", $HTTP_GET_VARS['sid']) ."' LIMIT 1";
if( !( $result = $db->sql_query($sql) ))
{
message_die(CRITICAL_ERROR, 'Hacking attempt', '', __LINE__, __FILE__, $sql);
}
$sessionrow = $db->sql_fetchrow($result);
if( $HTTP_GET_VARS['sid'] != $sessionrow['session_id'] )
{
die('Hacking attempt');
}
if( $HTTP_SERVER_VARS['REMOTE_ADDR'] != decode_ip($sessionrow['session_ip']) )
{
die('Hacking attempt');
}
unset($sessionrow);
$sql = "SELECT s.session_id, s.session_ip FROM ".SESSIONS_TABLE." s WHERE s.session_id = '". str_replace("\'", "''", $userdata['session_id']) ."' LIMIT 1";
if( !( $result = $db->sql_query($sql) ))
{
message_die(CRITICAL_ERROR, 'Hacking attempt', '', __LINE__, __FILE__, $sql);
}
$sessionrow = $db->sql_fetchrow($result);
if( $userdata['session_id'] != $sessionrow['session_id'] )
{
die('Hacking attempt');
}
if( $HTTP_SERVER_VARS['REMOTE_ADDR'] != decode_ip($sessionrow['session_ip']) )
{
die('Hacking attempt');
}
unset($sessionrow);
An sich hast du ja recht aber über den ACP ist schon bequemer als sich extra nochmal woanders einloggen zu müssen.Gut, daß ich dieses Script schon seit langem komplett gelöscht habe.
Wozu gibts schliesslich Tools wie phpmyadmin oder mysqldumper
bei so vielen Modsoxpus hat geschrieben:Nun, ich habe so viele Tabellen und eine so grosse Datenbank
Mit Cronjobs okay aber ohne ziemlich lästig.Und als automatische Sicherung ist mysqldumper beinahe unschlagbar.
gibts auch nen Mod dafür der das macht.phpmyadmin braucht man dazu auch eh immer und wenn es nur mal die Optimierung der Tabellen ist.
Japp - agreedoxpus hat geschrieben:Nun, ich habe so viele Tabellen und eine so grosse Datenbank, daß das ACP-Tool hier nicht mehr fehlerlos arbeitet.