Re: XSS bypass in PHPNuke - FIX ?

To: SecurityReason - sp3x <sp3x@xxxxxxxxxxxxxxxxxx>
Subject: Re: XSS bypass in PHPNuke - FIX ?
From: Paul Laudanski <zx@xxxxxxxxxxxxxx>
Date: Mon, 19 Dec 2005 19:14:40 -0500 (EST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <200512200024000804.005AB064@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

On Tue, 20 Dec 2005, SecurityReason - sp3x wrote:

> Hi Paul
> Do you have any idea to do fix or update filter of phpnuke against XSS that 
> discovered my friend.
> We were working with chaserv from nukefixes.com on this fix...
> But as you wrote on bugtraq the Fix is not very good...
> 
> Any idea for good fix ??
> 
> BTW : http://castlecops.com  is  working with phpnuke team ??
> just asking :)

Hi'ya, as per my previous post you can use htmlspecialchars or 
htmlentities.  So in this case take the query and run it through 
htmlspecialchars:

$query = htmlspecialchars($query);

... _before_ you do anything with it like displaying the query back to the 
user.

-- Paul Laudanski, Microsoft MVP Windows-Security 
[cal] http://events.castlecops.com 
[de] http://de.castlecops.com 
[en] http://castlecops.com 
[wiki] http://wiki.castlecops.com 
[family] http://cuddlesnkisses.com

Prev by Date: [SECURITY] [DSA 924-1] New nbd packages fix potential arbitrary code execution
Next by Date: [KAPDA::#17] - beehiveforum Script Injection
Previous by thread: [SECURITY] [DSA 924-1] New nbd packages fix potential arbitrary code execution
Next by thread: [KAPDA::#17] - beehiveforum Script Injection
Index(es):
- Date
- Thread