UBB.threads PHP Forum Software Community Forums UBB.threads 6 Version 6 Support Hacked?

It would be fine if such dangerous vulnerabilities are mailed to the webmasters that they all become aware of them, even if they do not read all the posts on the UBBThreads forums. Or maybe somebody could create a site where these problems are listed and explained and where bugfix are provided. (Maybe not that good, because it's a good resource for possible hackers.

Why I want this? I thought I have secured my board by using only the $config[allowfiles] options with save extensions. But now I discovered that at least my 5.4.1 installation has another upload bug. And I did not found anything about it on the forums. Although I cannot imagine that this hasen't been discussed yet.

The problem is that in addpost.php it is only checked if the uploaded file contains one of the allowed fileextensions, not if it ends with them!

So it's still possible to upload a file like hack.txt.php if you added ".txt" in $config[allowfiles].

</font><blockquote><font size="1" face="">code:</font><hr /><pre style="font-size:x-small; font-family: monospace;">// Let's see if we want this type of file
if ( ($userfile != "none") && ($userfile) ){
if ($config[allowfiles]) {
$checkfile = str_replace(",","|",$config[allowfiles]);
if (!eregi($checkfile,$userfile_name)) {
$html -> not_right("$lang[FILESALLOWED]: $config[allowfiles]",$Cat);
}
}[/code]</blockquote><font size="" face="">I'm no regular expression expert, but replacing the line with the eregi( ) with the following line worked for me:</font><blockquote><font size="1" face="">code:</font><hr /><pre style="font-size:x-small; font-family: monospace;"> if (!preg_match ('/(' . $checkfile . ')$/i',$userfile_name)) {[/code]</blockquote><font size="" face="">Again: Please note that this is in my 5.4.1 version. So I do not know how this is handled in newer versions.

nòóx
_____________________
www.dh-rangers.com, www.downhill-board.com