Múlt héten milw0rm SQL injection jellegű biztonsági rést talált a WordPress Forum plugin 1.7.4 verziójában. Én pedig itt megmutatom, hogyan lehet a hibát kijavítani.
Az eredeti hibajelentés itt található.
Mint ahogyan a bevezetőben is említettem, ez egy standard SQL parancs befecskendezésés hiba, vagy szépen angolul SQL injection. A hiba a _GET paraméter trehány kezelésén és a forum_get_posts_by_user funkció hibás hívásán alapul.
A forum_show_profile funkció a ludas, ami egy alias a forum_get_profile funkcióra, a wp-forum.php 917. sorában:
function forum_show_profile(){ return forum_get_profile($_GET['user']); } |
Nos, nézzük mit is csinál a forum_get_profile funkció. Erre választ a forum_functions.php 363. sorában találhatunk:
function forum_get_profile($user){ global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link; $profile = new WP_User($user); ... <td valign='top' class='table_meta'>Recent posts: </td><td>".forum_get_posts_by_user($user, 10)."</td> ... |
Azt hiszem, a legegyszerűbb megoldás az, hogy a kapott $user változót erőszakosan számmá konvertáljuk még WP_User osztály hívása előtt. Valahogy így:
$user = intval($user); $profile = new WP_User($user); |
Nos, ennyi volt 🙂
hvit midi kjole forever 21 deuter 18 exp giubbotto nike invernale uomo nemeziz blanc et bleu nike kyrie 5 basketball zapatillas colorado rockies new era mlb 5 star 59fifty berretto
annkimfashion
tools home improvement cam type connectors home kitchen cloth napkins 6 arts crafts portfolios 2 industrial scientific memory components home kitchen boot shoe boxes toys games medical kits
diplomsclubs [url=http://us.diplomsclubs.com/]diplomsclubs[/url]
boys active shirts tees 1 mens shorts pleated 1 automotive panel flange tools automotive under seat consoles automotive windshield washer home kitchen mantel shelves
zamanisc [url=http://us.zamanisc.net/]zamanisc[/url]
zapatillas all star hombrebalenciaga director creativoapple watch serie 3 nike 38mmpantalones cortos mujer adidas vintage rojoo
mens visors toys games picnic tables industrial scientific beam trolleys girls rain wear 3 industrial scientific control valves home kitchen french presses
wayinjp
industrial scientific teapots 1 home kitchen chair covers 8 industrial scientific elevators home kitchen duvet covers 7 home kitchen in home recycling bins womens active leggings 8
diamondlashay
arts crafts fabric textile paints industrial scientific furnaces industrial scientific arbor type milling cutters industrial scientific hinges tools home improvement polyurethanes shellac varnish automotive hand tools wrenches
drdusukhapi
boys swim board shorts 4 toys games self balancing scooters 1 mens athletic socks 7 home kitchen iced tea glasses mens baseball caps 8 tools home improvement table lamps
nowruzhaly
bottines femme eccojean slim kaporalarmani jeans robesjean evase pour homme
marni sabot mules schwarz rockstud flats iphone 10 bumper hoesje nike mens marcus mariota elite black jersey tennessee titans nfl 8 usa flag fashion over the shoulder m臋skie torebki iphone 6 plus nuud lifeproof case
ecosisisi
trendy phone pouzdro ganni dot mesh maxi 拧aty disney fitted cappelli soft dr martens fila disruptor sandalen otterbox hoesje moto g6
omgcfl
ivermectin for people https://ivermectin.mlsmalta.com/
do i need a prescription for clomid https://salemeds24.wixsite.com/clomid
carhartt cram shirt pli dos銈广儕銈ゃ儑銉?銈搞儍銉?銈广儖銉笺偒銉?銈姐兗銉?/a>銉椼兗銉?銈淬儷銉?銉濄兗銉?/a>銉娿偆銈?銈广儖銉笺偒銉?楂橀
industrial scientific tlc sprayers home kitchen runners 5 automotive power adapters mens tank tops 4 tools home improvement range hoods home kitchen poufs
rodcloud
industrial scientific bath accessories 4 home kitchen ceiling mounted storage racks 2 tools home improvement drop cloths plastic sheeting 1 home kitchen towel bars 6 home kitchen ceiling mounted storage racks industrial scientific back supports 3
pawsforsjacs
銉嬨儱銉笺儛銉┿兂銈?鐫€銇撱仾銇?銉儑銈c兗銈?/a>celine farach 姘寸潃air max 95 premium beige銈汇偡銉?銉炪偗銉撱兗 銉曘偅銉?銉戙兗銈兗
chicago blanc sox new era mlb kids stars stripes 59fifty casquette samsung galaxy j3 achieve sag havaianas slim flip flops czarny gr酶nn floral silk kjole studded bum tasche giacca college nike
telecomtrans
kd 11 r贸zsasz铆n footlocker shona joy lace cocktail midi ruha noir clover fitted chapeau lg g6 sag with card holder mint zielony chunky obcasy hvit sleeveless midi kjole
hengyiya
cabelas baseball casquette full body sag iphone xs ecco walking buty m臋skie house of cb svart bandage kjole fjallraven re kanken mini schwarz nike giacche invernali
altinacademy
strathberry tasche review felpa puma bianca air foamposite bleu mirror negro y amarillo air max 97 plus arizona state sun devils cappello retro 1 magas og fekete feh茅r
niubvnp
industrial scientific electrolyte solutions 4 boys sneakers 5 tools home improvement door knobs 1 industrial scientific bath accessories 3 tools home improvement shower walls surrounds 1 boys sunglasses
jamesmvaughn
tools home improvement cooktops automotive heavy duty electrical system parts home kitchen sofa slipcovers industrial scientific cell scrapers spreaders industrial scientific cable staples 2 home kitchen floor full length mirrors 2
dhactun
melodica spielen amazonessen eisenbahn amazonmercedes evo 2 amazonvivo 45 amazon
vidalista 5mg coupons walgreens https://vidalista.mlsmalta.com/
200mg viagra with diaxotrin http://droga5.net/
ivermectin in humans https://ivermectin.webbfenix.com/
tadalafil generic sales in canada http://www.lm360.us/
銈点儢銈点偍銉嗐偅 銈兗銉愩兗銈兗銉?/a>浜烘皸 銈点儹銉氥儍銉?銇嶃倢銇勩倎銈炽兗銉?/a>椋熷櫒 妫?銈儹銈?銈广偪銈ゃ儷浠忓 鍊ゆ 娴勫湡 鐪熷畻
nike tns wholesaleadidas predator tango 18 tr schwarzmade in turkey adidasfinn comfort shoes for sale in germany
plaquenil hydroxychloroquine manufacturer https://hydroxychloroquine.mlsmalta.com/
girls jackets 7 home kitchen favors toys games playhouses home kitchen serving spoons tools home improvement kitchen sinks 2 automotive light bulbs
roadtopars
home kitchen coffee machines 1 automotive catalytic converters parts womens lingerie garters garter belts 3 boys pant sets 3 tools home improvement louvered windows 4 tools home improvement registers grilles vents 2
milfsofvegas
tools home improvement extension ladders industrial scientific thread forming 6 industrial scientific tape applicators home kitchen kids quilt sets 3 home kitchen bed runners scarves 2 automotive light bulbs
cowboycrusade
womens replacement sunglass lenses baby boys rash guard shirts 1 automotive valve cover gasket sets home kitchen fermentation more carboys bady duvet cover sets 4 womens sheers 3
bementesofa
銈淬偔銉栥儶 椁?銉堛偒銈?/a>銈ㄣ儕銉°儷 銉戙兂銉椼偣銈ㄣ偄 銈ゃ兂銉戙偗銉?銉兂銉?姣旇純銉嶃偗銈裤偆 榛?銉撱偢銉嶃偣
銈儵銈炽兂 瀹夊績 銈点偆銉?/a>lan 銈便兗銉栥儷 澶栧舰 瀵告硶銉氥儍銉?鍐欑湡娴磋。 銉兂銈裤儷 宓愬北