Register_Globals and KB MOD
Posted: 12 May 2006, 18:51
Hello,
That "forum hacked" thing is showing up again...
http://secunia.com/advisories/19892/
"Protection" method
For those of you using KB MOD 2.0.2
http://www.mx-system.com/forum/viewtopic.php?t=8698
S@lu2
Code:
##############################################################
## MOD Title: Avoid Effects of Register Globals (precaution)
## MOD Author: Pit < matthew@teh.ath.cx > (Matt Kavanagh) n/a
## MOD Description: This will detect register_globals if enabled,
## and then erase all the variables injected as a consequence
## of register_globals. Hopefully, this will cut out a few
## security vulnerabilities.
## MOD Version: 1.0.2
##
## Installation Level: Easy
## Installation Time: 1-2 Minutes
## Files To Edit: extension.inc
##
## Included Files: n/a
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered
## in our MOD-Database, located at: http://www.phpbb.com/mods/
##############################################################
## Author Notes:
## If any MODs have added variables above the place where you
## add the code, they can be erased. You can add them to the
## $protect_vars array, you can move them after this code, or
## you can move this code closer to the start (such as moving
## it to extension.inc).
## REMEMBER: This is a workaround, and it might not be perfect.
## If you are concerned, just disable register_globals entirely.
## THERE IS NO SUBSTITUTE FOR KEEPING UP TO DATE WITH NEW PHPBB
## VERSIONS.
##############################################################
## MOD History:
##
## 2004-03-27 - Version 0.0.1
## - Initial beta version
##
## 2004-03-27 - Version 0.0.2
## - Beta still: added more variables to $protect_vars,
## to prevent kiddies causing useless but annoying errors.
##
## 2004-03-27 - Version 0.1.0
## - Super furry "from 0.0.1 to 0.1.0 in a day" fun version.
## Rewrote code, removed nuisance bugs (numeric variable
## names).
##
## 2004-03-28 - Version 0.1.1
## - Added inarray for evil PHP 3.
##
## 2004-03-28 - Version 0.1.2
## - More evil stupid PHP 3 fixes.
##
## 2004-03-28 - Version 1.0.0
## - Bugs finally ironed out. Initial stable release.
##
## 2004-04-22 - Version 1.0.1
## - From this point I cease to believe what the
## PHP manual tells me; it just isn't accurate enough
## for security work. First $_SESSION isn't listed as
## a register globals candidate, and now I notice that
## the new superglobals can in fact be accessed variably
## despite the exact opposite being in the manual.
## Short story: another fix, my fault.
##
## 2004-05-01 - Version 1.0.2
## - My fault :) inarray is defined for the admin panel too.
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
#
#-----[ OPEN ]---------------------------------------------
#
extension.inc
#
#-----[ FIND ]---------------------------------------------
#
if ( !defined('IN_PHPBB') )
{
    die("Hacking attempt");
}
#
#-----[ AFTER, ADD ]---------------------------------------------
#
// assume it's on by default. there was no option to disable
// register_globals in PHP3.
$register_globals = true;

// ini_get is only in PHP4+
if(function_exists('ini_get'))
{
    // We have PHP4, let's find out if register_globals is
    // enabled.
    $register_globals = ini_get('register_globals');
}

if($register_globals)
{
    // Variables to be protected; may
    // add automatic detection in the
    // future, but probably not worth
    // bothering. Just don't set any
    // variables (constants are fine)
    // above this point.
    $protect_vars = array(
        'HTTP_ENV_VARS',
        'HTTP_GET_VARS',
        'HTTP_POST_VARS',
        'HTTP_COOKIE_VARS',
        'HTTP_POST_FILES',
        'HTTP_SERVER_VARS',
        'HTTP_SESSION_VARS',
        '_ENV',
        '_GET',
        '_POST',
        '_COOKIE',
        '_FILES',
        '_SERVER',
        '_SESSION',
        'GLOBALS',
        'input_arrays',
        'input_array',
        'protect_vars',
        'phpbb_root_path',
        'no_page_header'
    );

    // Arrays to loop through for input.
    // Remember, case sensitive.
    // By default these are just the arrays
    // register_globals pulls from.
    $input_arrays = array(
        'HTTP_ENV_VARS',
        'HTTP_GET_VARS',
        'HTTP_POST_VARS',
        'HTTP_COOKIE_VARS',
        'HTTP_POST_FILES',
        'HTTP_SERVER_VARS',
        'HTTP_SESSION_VARS'
    );

    // Just get the values of each item in $input_arrays;
    // they are the names of the input arrays.
    // (list()/each() iteration is the PHP 3/4 idiom this MOD targets;
    // each() was removed in PHP 8, where foreach would be used instead.)
    while(list(,$input_array) = each($input_arrays))
    {
        // Just get the key names of each item in the input
        // array; they are the names of the possible variables.
        while(list($key,) = @each(${$input_array}))
        {
            // Variable names are case sensitive (in PHP 5
            // at least)..but we don't want people having
            // variables that get unset just because they
            // were capitalised wrong in $protect_vars.
            for($i = 0; $i < count($protect_vars); $i++)
            {
                if(strtolower($protect_vars[$i]) == strtolower($key))
                {
                    continue 2;
                }
            }
            unset(${$key});
        }
        // Rewind the input array we just walked so later code can
        // iterate it again. (The posted copy had ${input_array},
        // which is the name string itself, not the array it names.)
        @reset(${$input_array});
    }
    unset($register_globals, $protect_vars, $input_arrays, $input_array, $key, $i);
}
http://www.mx-system.com/forum/viewtopic.php?t=8698
Code:
#
#-----[ OPEN ]--------------------------------
#
includes/kb_constants.php
#
#-----[ FIND ]--------------------------------
#
if ( !MXBB_MODULE )
{
#
#-----[ AFTER, ADD ]---------------------
#
    if( !defined('IN_PHPBB') )
    {
        die('Hacking attempt');
        exit;
    }
#
#-----[ FIND ]--------------------------------
#
    $is_block = false;
}
#
#-----[ AFTER, ADD ]-----
#
else
{
    if( !defined('IN_PORTAL') )
    {
        die('Hacking attempt');
        exit;
    }
}
#
#-----[ SAVE ALL / CLOSE ]--------
#
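An added example, not from the original post and not the phpBB MOD author's code, that reimplements the "Avoid Effects of Register Globals" idea from the first code block as a PHP 7/8 function and exercises it on a simulated request. register_globals no longer exists in current PHP, so `simulate_register_globals`, the fake request arrays and every variable name in the demo (`injected_flag`, `template_override`) are constructed here; `phpbb_root_path` and the whitelist entries are taken from the MOD. The run shows that injected variables are removed, that a whitelisted variable keeps the value the application assigned, and, as the MOD's author notes warn, that a legitimate variable set before the scrub is erased when it is not whitelisted and a request key happens to share its name.

```php
<?php
// Added example; not part of the original post or of the phpBB MOD quoted
// above. It reimplements the MOD's idea (erase globals that came from the
// request arrays unless whitelisted) as a function for PHP 7/8 and shows the
// caveat from the MOD's author notes. register_globals itself was removed in
// PHP 5.4, so the injection step is simulated with constructed request data.

// Simulate register_globals: copy every request key into the global symbol
// table, in the order the arrays are given (PHP used variables_order, EGPCS).
function simulate_register_globals(array $sources): void
{
    foreach ($sources as $source) {
        foreach ($source as $name => $value) {
            $GLOBALS[$name] = $value;
        }
    }
}

// Unset every global whose name is a key of one of the request arrays, unless
// the name is in $protect (compared case-insensitively, as the MOD does).
// Returns the names that were erased so the caller can log them: a request
// that carries keys matching internal variable names is worth noticing.
function scrub_register_globals(array $sources, array $protect): array
{
    $protect_lc = array_map('strtolower', $protect);
    $erased = [];
    foreach ($sources as $source) {
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (in_array(strtolower($name), $protect_lc, true)) {
                continue;
            }
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $erased[] = $name;
            }
        }
    }
    return $erased;
}

// --- constructed demo request; no real HTTP input is read ---
$fake_get    = ['injected_flag' => '1', 'phpbb_root_path' => '../'];
$fake_cookie = ['template_override' => 'x'];

// 1. Request arrives: with register_globals on, every key becomes a global.
simulate_register_globals([$fake_get, $fake_cookie]);

// 2. The application then sets its own variables, as phpBB scripts do
//    before including extension.inc. One of them is whitelisted, one is not.
$phpbb_root_path   = './';
$template_override = 'default';

// 3. The scrub runs (in the MOD this is the code added to extension.inc).
$protect = ['_GET', '_POST', '_COOKIE', '_SERVER', '_ENV', '_FILES', '_SESSION',
            'GLOBALS', 'phpbb_root_path'];
$erased = scrub_register_globals([$fake_get, $fake_cookie], $protect);

// Outcome: the injected variable is gone; the whitelisted $phpbb_root_path
// keeps the value the application assigned; $template_override was also
// erased because a cookie key shared its name and it was not whitelisted.
// That last case is exactly the "variables above this point can be erased"
// caveat in the MOD's author notes, and is why the MOD tells you to add such
// names to $protect_vars or move the scrub earlier.
var_dump(isset($injected_flag));
var_dump($phpbb_root_path);
var_dump(isset($template_override));
var_dump($erased);
```

Run it from the command line with `php` on the saved file; no web server or request is involved. Returning the erased names instead of silently unsetting them is a deliberate change from the MOD: logging that list gives an operator a cheap signal that someone is sending request keys named after internal variables.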