[PATCH] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities

On SecurityFocus: Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities

http://www.securityfocus.com/archive/1/493224/30/0/threaded

A possible workaround until an official patch is available is to use SEQ_SANITIZE from seq_lib. With the method described here,
none of the reported security flaws can be used for an attack.

[B]This is not an official patch! Test this patch before using it in production environments! As soon as an official patch is released, use it![/B]

1. Download seq_lib 0.4.
2. Upload seq_lib on the server.
3. Configure the seq_lib-path (if not standard).
4. Include seq_lib in "index.php".
5. Call SEQ_SANITIZE:

[B]SEQ_SANITIZE – Variable list with expected properties:[/B]

<?php
include_once('../seq_lib/seq_lib.php');
// One rule per line: fields are separated by '#', every line is terminated by '&'.
// Note: 'content' is listed twice below (MAX 1000 and MAX 100000); check which entry
// seq_lib applies before relying on the lower limit.
//              VARIABLE NAME               # SOURCE#  TYPE #  MIN  #  MAX      # XSS      &

$sanitizer = '  id                          #   pg  #   INT #   0   #   10000   #   true   &
                current_subsection          #   pg  #   INT #   0   #   10000   #   true   &
                term                        #   pg  #   STR #   0   #   100     #   true   &
                posted_by                   #   pg  #   STR #   0   #   64      #   true   &
                subject                     #   pg  #   STR #   0   #   64      #   true   &
                content                     #   pg  #   STR #   0   #   1000    #   true   &
                section                     #   pg  #   STR #   0   #   200     #   true   &
                subsection                  #   pg  #   STR #   0   #   200     #   true   &
                author                      #   pg  #   STR #   0   #   20      #   true   &
                title                       #   pg  #   STR #   0   #   20      #   true   &
                content                     #   pg  #   STR #   0   #   100000  #   true   &';
SEQ_SANITIZE($sanitizer);
?>

[B]SEQ_SANITIZE – Description:[/B]

SOURCE: p=POST g=GET s=SESSION c=COOKIE (REQUEST is always sanitized)
TYPE: integer,float=INT string=STR
MIN: integer,float: minimal number | string: minimal length
MAX: integer,float: maximal number | string: maximal length
XSS: true=perform xss-prevention

The list of variables which must be sanitized can be extended by adding more lines. Take care not to forget
the boundary characters between the parameters (#) and at the end of every line (&). If you extend the list, please send me a copy
so that other users can also benefit from it.
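As an added illustration (this is my own example, not code from seq_lib or from this post), here is a small PHP reader for the rule format described above; how seq_lib itself treats a value that fails its rule is not stated here, so dropping such values from the request is an assumption of this example.

```php
<?php
// Added example (not seq_lib's own code): parses the rule format described above,
// NAME # SOURCE # TYPE # MIN # MAX # XSS, one rule per line terminated by '&'.
// Assumption: a value that fails its rule is removed from the request array.
function parse_rules(string $spec): array {
    $rules = [];
    foreach (explode('&', $spec) as $line) {
        $line = trim($line);
        if ($line === '') continue;                     // the trailing '&' leaves an empty entry
        $f = array_map('trim', explode('#', $line));
        if (count($f) !== 6) throw new InvalidArgumentException("Malformed rule: $line");
        $rules[] = ['name' => $f[0], 'src' => strtolower($f[1]), 'type' => strtoupper($f[2]),
                    'min' => (float)$f[3], 'max' => (float)$f[4], 'xss' => ($f[5] === 'true')];
    }
    return $rules;
}

// Returns the accepted (possibly escaped) value, or null if the rule rejects it.
function check_value($value, array $r) {
    if (!is_string($value)) return null;                // nested arrays are never expected
    if ($r['type'] === 'INT') {
        if (!is_numeric($value)) return null;
        $n = $value + 0;                                // numeric string -> int or float
        return ($n >= $r['min'] && $n <= $r['max']) ? $n : null;
    }
    $len = strlen($value);
    if ($len < $r['min'] || $len > $r['max']) return null;
    // Input-side escaping is a stopgap only; output encoding and prepared SQL statements remain the real fix.
    return $r['xss'] ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

function apply_rule(array &$arr, array $r): void {
    if (!array_key_exists($r['name'], $arr)) return;
    $clean = check_value($arr[$r['name']], $r);
    if ($clean === null) unset($arr[$r['name']]); else $arr[$r['name']] = $clean;
}

// SOURCE letters as described above: g = GET, p = POST (session/cookie omitted here).
function sanitize(string $spec, array &$get, array &$post): void {
    foreach (parse_rules($spec) as $r) {
        if (strpos($r['src'], 'g') !== false) apply_rule($get, $r);
        if (strpos($r['src'], 'p') !== false) apply_rule($post, $r);
    }
}

// Constructed sample request: 'id' exceeds MAX, 'term' carries markup, 'subject' is clean.
$get  = ['id' => '99999999', 'term' => '<script>alert(1)</script>', 'subject' => 'hello'];
$post = [];
sanitize("id # pg # INT # 0 # 10000 # true &\n term # pg # STR # 0 # 100 # true &\n subject # pg # STR # 0 # 64 # false &", $get, $post);
var_dump($get);   // 'id' removed, 'term' escaped, 'subject' unchanged
```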
