فواز باراوي

32

3,435

وداعا لأختراق النسخ 3.8.7 ترقيع الثغرات

السلام عليكم ورحمة الله وبركاته

تم اصدار ترقيع للنسخة 3.8.7 وكذلك للنسخة 4.1.4

- قم بفتح ملف class_core.php
وابحث بداخله عن :




// ##################################################  ###########################
/**
* Removes the full path from being disclosed on any errors
*
* @param integer Error number
* @param string PHP error text string
* @param strig File that contained the error
* @param integer Line in the file that contained the error
*/
function vb_error_handler($errno, $errstr, $errfile, $errline)
{
global $vbulletin;

switch ($errno)
{
case E_WARNING:
case E_USER_WARNING:
/* Don't log warnings due to to the false bug reports about valid warnings that we suppress, but still appear in the log
require_once(DIR . '/includes/functions_log_error.php');
$message = "Warning: $errstr in $errfile on line $errline";
log_vbulletin_error($message, 'php');
*/

if (!error_reporting() OR !ini_get('display_errors'))
{
return;
}
$errfile = str_replace(DIR, '[path]', $errfile);
$errstr = str_replace(DIR, '[path]', $errstr);
echo "
Warning: $errstr in $errfile on line $errline
";
break;

case E_USER_ERROR:
require_once(DIR . '/includes/functions_log_error.php');
$message = "Fatal error: $errstr in $errfile on line $errline";
log_vbulletin_error($message, 'php');

if (!headers_sent())
{
if (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi')
{
header('Status: 500 Internal Server Error');
}
else
{
header('HTTP/1.1 500 Internal Server Error');
}
}

if (error_reporting() OR ini_get('display_errors'))
{
$errfile = str_replace(DIR, '[path]', $errfile);
$errstr = str_replace(DIR, '[path]', $errstr);
echo "
Fatal error: $errstr in $errfile on line $errline
";
if (function_exists('debug_print_backtrace') AND ($vbulletin->userinfo['usergroupid'] == 6 OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions)))
{
// This is needed so IE doesn't show the pretty error messages
echo str_repeat(' ', 512);
debug_print_backtrace();
}
}
exit;
break;
}
}






استبدله بـ :



// ################################################## ###########################
/**
* Unicode-safe version of htmlspecialchars()
*
* @param string Text to be made html-safe
*
* @return string
*/
function htmlspecialchars_uni($text, $entities = true)
{
return str_replace(
// replace special html characters
array('<', '>', '"'),
array('<', '>', '"'),
preg_replace(
// translates all non-unicode entities
'/&(?!' . ($entities ? '#[0-9]+|shy' : '(#[0-9]+|[a-z]+)') . ';)/si',
'&',
$text
)
);
}






2 - قم بفتح الملف functions.php وابحث بداخله عن :



      if ($vbulletin->options['useheaderredirect'] AND   !$forceredirect  AND !headers_sent() AND  !$vbulletin->GPC['postvars'])
{
exec_header_redirect($vbulletin->url);
}

$title = $vbulletin->options['bbtitle'];

$pagetitle = $title;
$errormessage = $message;

$url = unhtmlspecialchars($vbulletin->url);
$url = str_replace(chr(0), '', $url);
$url = create_full_url($url);
$url = str_replace($str_find, $str_replace, $url);
$js_url = addslashes_js($url, '"'); // " has been replaced by "

$url = preg_replace(
array('/�*59;?/', '/�*3B;?/i', '#;#'),
'%3B',
$url
);
$url = preg_replace('#&%3B#i', '&', $url);

define('NOPMPOPUP', 1); // No footer here

require_once(DIR . '/includes/functions_misc.php');
$postvars = construct_hidden_var_fields(verify_client_string($ vbulletin->GPC['postvars']));
$formfile =& $url;

($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;

eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");');
exit;
}






استبدله بـ :



if ($vbulletin->url)
{
$foundurl = false;
if ($urlinfo = @parse_url($vbulletin->url))
{
if (!$urlinfo['scheme'])
{ // url is made full in exec_header_redirect which stops a url from being redirected to, say "www.php.net" (no http://)
$foundurl = true;
}
else
{
$whitelist = array();
if ($vbulletin->options['redirect_whitelist'])
{
$whitelist = explode("\n", trim($vbulletin->options['redirect_whitelist']));
}
// Add $bburl to the whitelist
$bburlinfo = @parse_url($vbulletin->options['bburl']);
$bburl = "{$bburlinfo['scheme']}://{$bburlinfo['host']}";
array_unshift($whitelist, $bburl);

// if the "realurl" of this request does not equal $bburl, add it as well..
$realurl = VB_URL_SCHEME . '://' . VB_URL_HOST;
if (strtolower($bburl) != strtolower($realurl))
{
array_unshift($whitelist, $realurl);
}

$vburl = strtolower($vbulletin->url);
foreach ($whitelist AS $url)
{
$url = trim($url);
if ($vburl == strtolower($url) OR strpos($vburl, strtolower($url) . '/', 0) === 0)
{
$foundurl = true;
break;
}
}
}
}

if (!$foundurl)
{
eval(standard_error(fetch_error('invalid_redirect_ url_x', $vbulletin->url)));
}
}

if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars'])
{
exec_header_redirect($vbulletin->url);
}

$title = $vbulletin->options['bbtitle'];

$pagetitle = $title;
$errormessage = $message;

$url = unhtmlspecialchars($vbulletin->url);
$url = str_replace(chr(0), '', $url);
$url = create_full_url($url);
$url = str_replace($str_find, $str_replace, $url);
$js_url = addslashes_js($url, '"'); // " has been replaced by "

$url = preg_replace(
array('/�*59;?/', '/�*3B;?/i', '#;#'),
'%3B',
$url
);
$url = preg_replace('#&%3B#i', '&', $url);

define('NOPMPOPUP', 1); // No footer here

require_once(DIR . '/includes/functions_misc.php');
$postvars = construct_hidden_var_fields(verify_client_string($ vbulletin->GPC['postvars']));
$formfile =& $url;

($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;

eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");');
exit;
}







وداعا لأختراق النسخ 3.8.7

التعليقات (2)

عزامو     
تم ترقيون باي باي يا هكر
intrq8     

شكرا لك ياملك والله لم اجد كلمه افضل منها لكي اتوجك بها فشكرا لك