PFS/Upload Vulnerability Fix

#1302
Kaan
Posts: 2772
Occupation: Self-employed
Age: 43
I've coded this fix myself. It uses a SQL DB to store file information. At a future date it will allow an admin option to enable/disable checks and add/remove checks from the admin panel. I searched files myself for the appropriate data. I have support for all the default upload options Seditio allows for upload, and a couple extra. This can also be used with, and is HIGHLY RECOMMENDED for, any plugin that allows uploading of files, images included. You only need to call sed_file_check($filepath, $filename, $file_extension). If it is a valid file it returns TRUE; non-valid files return FALSE, and invalid files create a security warning log. Any file extension that is not an image and not known in the SQL DB will pass through as TRUE, but generate a log warning. Please back up all files before modifying them in case you do something wrong. This has been tested on Apache but not IIS or any other. I've had to include the instructions in an HTML file inside a rar. Just download the rar and open the HTML file. I will let you know as I make updates and improvements.

Open your .htaccess and add this (dunno if IIS does it the same or however). This will force any .rar files to be downloaded instead of executed.

Kod:
AddType application/x-rar rar

If you have cPanel, you can go into it and choose Mime Type, and you should be able to add a custom mimetype. Mimetype is: application/x-rar. Extension is: rar. Regardless of whether you provide any publicly accessible file uploads, you should do this.
This has currently only been tested with Seditio 121. If you try this on another version, please let me know.

First off, open system/functions.php and find the following.

Kod:
function sed_xp()
{
    return ("<div><input type=\"hidden\" id=\"x\" name=\"x\" value=\"".sed_sourcekey()."\" /></div>");
}

After it add the following.

Kod:
/* ------------------ */

function sed_file_check($path, $name, $ext)
{
    global $db_mime;
    $fcheck = FALSE;

    if (in_array($ext, array('jpg', 'jpeg', 'png', 'gif')))
    {
        // Images: let GD try to decode the file; anything GD cannot parse is rejected.
        switch ($ext)
        {
            case 'gif':
                $img = @imagecreatefromgif($path);
                break;
            case 'png':
                $img = @imagecreatefrompng($path);
                break;
            default:
                $img = @imagecreatefromjpeg($path);
                break;
        }
        $fcheck = ($img) ? TRUE : FALSE;
        if ($img) { imagedestroy($img); }
    }
    else
    {
        // Other types: compare the bytes at a stored offset with the signatures kept in $db_mime.
        // $ext comes straight from the uploaded filename, so it is escaped before it reaches the query.
        $sql_mime = sed_sql_query("SELECT * FROM $db_mime WHERE mime_ext='".sed_sql_prep($ext)."'");
        if (sed_sql_numrows($sql_mime) != 0)
        {
            // fopen/fseek/fread work on every PHP version, so no version branching is needed.
            $f = fopen($path, "rb");
            while ($row = sed_sql_fetcharray($sql_mime))
            {
                fseek($f, (int)$row['mime_sbyte']);
                $content = fread($f, (int)$row['mime_bytelen']);
                if ($row['mime_ishex'])
                {
                    // bin2hex() returns lowercase, so compare against the lowercased stored signature.
                    $content = bin2hex($content);
                    $row['mime_search'] = strtolower($row['mime_search']);
                }
                if ($content == $row['mime_search'])
                {
                    $fcheck = TRUE;
                    break;
                }
            }
            fclose($f);
        }
        else
        {
            // No signature stored for this extension: let it through, but leave a security log entry.
            $fcheck = TRUE;
            sed_log('Warning: No Mime Type data was found for the Extension: '.$ext.' Filename - '.$name, 'sec');
        }
    }

    if (!$fcheck)
    {
        sed_log('Warning: File Check Failed for Extension '.$ext.' Filename - '.$name, 'sec');
    }
    return($fcheck);
}

Open core/lang/main.lang.php and find the following.

Kod:
$L['pfs_extallowed']

After it add the following.
Kod:
$L['pfs_filenotvalid'] = "This is not a valid %1\$s file.";

You can translate it, but leave %1\$s in place; it is replaced with the extension of the file being uploaded.

Open system/core/pfs/pfs.inc.php and find the following.

Kod:
$f_extension_ok = 0;

After it add the following.

Kod:
$fcheck = sed_file_check($u_tmp_name, $u_name, $f_extension);
if ($fcheck)
{

Then find the following.

Kod:
else
{
    $disp_errors .= $L['pfs_filetoobigorext'];
}

After it add the following.

Kod:
}
else
{
    $disp_errors .= sprintf($L['pfs_filenotvalid'], $f_extension);
}

Open datas/config.php and find the following.

Kod:
$db_users = 'sed_users';

After it add the following.

Kod:
$db_mime = 'sed_mimetype';

Now you need to run the following SQL.

Kod:
CREATE TABLE sed_mimetype (
  mime_id int(10) unsigned NOT NULL auto_increment,
  mime_ext varchar(255) NOT NULL default '',
  mime_type varchar(255) NOT NULL default '',
  mime_search varchar(255) NOT NULL default '',
  mime_ishex tinyint(1) NOT NULL default '0',
  mime_sbyte varchar(255) NOT NULL default '',
  mime_bytelen varchar(255) NOT NULL default '',
  mime_isdisabled tinyint(1) NOT NULL default '0',
  mime_order smallint(4) NOT NULL default '1',
  PRIMARY KEY (mime_id)
) ENGINE=MyISAM;

INSERT INTO sed_mimetype (`mime_ext`, `mime_type`, `mime_search`, `mime_ishex`, `mime_sbyte`, `mime_bytelen`, `mime_isdisabled`, `mime_order`) VALUES
('rar',    'application/x-rar',  'Rar!',                             '0', '0',  '4',  '0', '1'),
('zip',    'application/zip',    '504B03041400',                     '1', '0',  '6',  '0', '1'),
('gz',     'application/x-gzip', '1F8B0800',                         '1', '0',  '4',  '0', '1'),
('tar.gz', 'application/x-gzip', '1F8B0808',                         '1', '0',  '4',  '0', '1'),
('pdf',    'application/pdf',    '!!',                               '0', '0',  '7',  '0', '1'),
('avi',    'video/avi',          'AVI',                              '0', '8',  '3',  '0', '2'),
('avi',    'video/avi',          'RIFF',                             '0', '0',  '4',  '0', '2'),
('qt',     'video/quicktime',    'ftypqt',                           '0', '4',  '6',  '0', '1'),
('qt',     'video/quicktime',    'moov',                             '0', '24', '4',  '0', '2'),
('mov',    'video/quicktime',    'ftypqt',                           '0', '4',  '6',  '0', '1'),
('mov',    'video/quicktime',    'moov',                             '0', '24', '4',  '0', '2'),
('mpg',    'video/mpeg',         '000001BA',                         '1', '0',  '4',  '0', '1'),
('mpg',    'video/mpeg',         '000001B3',                         '1', '0',  '4',  '0', '2'),
('mpeg',   'video/mpeg',         '000001BA',                         '1', '0',  '4',  '0', '1'),
('mpeg',   'video/mpeg',         '000001B3',                         '1', '0',  '4',  '0', '2'),
('ogg',    'application/ogg',    'OggS',                             '0', '0',  '4',  '0', '1'),
('mp3',    'audio/mpeg',         'ID3',                              '0', '0',  '3',  '0', '1'),
('wav',    'audio/x-wav',        'WAVEfmt',                          '0', '8',  '7',  '0', '1'),
('wav',    'audio/x-wav',        'RIFF',                             '0', '0',  '4',  '0', '2'),
('wmv',    'video/x-ms-wmv',     '3026B2758E66CF11A6D900AA0062CE6C', '1', '0',  '16', '0', '1'),
('bmp',    'image/bmp',          'BM',                               '0', '0',  '2',  '0', '1');

This should be all you need to do to fix it.

Download: 1-1-121-upload-fix.rar
You can place your orders for real estate, car gallery, rent-a-car, poetry and literature scripts. For details: kaan@ntka.org. Seditio 170 download, Capte Müzik download, Seditio Toolbar download.
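The table-driven branch of the check above, re-implemented in Python and run over constructed sample bytes so the pass/fail/warn outcomes can be seen without a Seditio install. This is an added example, not the author's code; the rule tuples mirror a subset of the sed_mimetype rows from the post, and the GD image branch is deliberately left out.

```python
# Rows mirror the sed_mimetype table: (ext, search, ishex, start_byte, bytelen).
# Subset of the rows posted above; constructed for this example.
RULES = [
    ("rar", "Rar!", False, 0, 4),
    ("zip", "504B03041400", True, 0, 6),
    ("gz", "1F8B0800", True, 0, 4),
    ("avi", "AVI", False, 8, 3),
    ("avi", "RIFF", False, 0, 4),
    ("wav", "WAVEfmt", False, 8, 7),
    ("wav", "RIFF", False, 0, 4),
    ("wmv", "3026B2758E66CF11A6D900AA0062CE6C", True, 0, 16),
    ("bmp", "BM", False, 0, 2),
]


def file_check(data: bytes, ext: str, log: list) -> bool:
    """Mirror sed_file_check(): True if any rule for ext matches the bytes at
    its offset. Unknown extensions pass but are logged, as the post describes."""
    rules = [r for r in RULES if r[0] == ext]
    if not rules:
        log.append(f"Warning: No Mime Type data was found for the Extension: {ext}")
        return True
    for _, search, ishex, start, length in rules:
        chunk = data[start:start + length]
        # PHP's bin2hex() yields lowercase, so hex signatures are compared lowercased.
        got = chunk.hex() if ishex else chunk.decode("latin-1")
        if got == (search.lower() if ishex else search):
            return True
    log.append(f"Warning: File Check Failed for Extension {ext}")
    return False


# Constructed samples: a ZIP local-file header, a PHP script renamed to .zip,
# and a WAV body submitted under the .avi extension.
ZIP_HEADER = b"PK\x03\x04\x14\x00\x00\x00\x08\x00"
PHP_AS_ZIP = b"<?php echo 'not a zip'; ?>"
WAV_AS_AVI = b"RIFF\x24\x00\x00\x00WAVEfmt "

if __name__ == "__main__":
    log = []
    print(file_check(ZIP_HEADER, "zip", log))  # True
    print(file_check(PHP_AS_ZIP, "zip", log))  # False, and logged
    print(file_check(WAV_AS_AVI, "avi", log))  # True: the 'RIFF' row alone satisfies .avi
    print(file_check(b"x", "doc", log))        # True: unknown extension passes, and is logged
    print(log)
```

Rows for one extension are OR'ed and compare only a few bytes, so this catches a script renamed to .zip but is not a format validator (a WAV passes as .avi). Note also that the posted pdf row compares a 2-character search string against 7 bytes, so it can never match.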
#1307
byfelaket
Posts: 28
Occupation: none..
Age: 39
I had removed PFS completely. If I do this, will it cause a problem, and is there any benefit in doing it?
#1308
Kaan
Posts: 2772
Occupation: Self-employed
Age: 43
Do as you like, do it or don't. If you do this, you are checking the uploaded files; you can even develop it further so that the uploaded files are sent to you by e-mail or private message, and you can see them in the sed_log section.
#1309
byfelaket
Posts: 28
Occupation: none..
Age: 39
Hmm, OK then, I'll do it. Thanks.
#1310
Aragorn-pc
Posts: 163
Occupation: Fighting cancer..
Age: 40
I applied the sed_log thing back in the day and I'm still using it, but this modification has turned out well too. Thanks.
No need for advertising: the old-timers know me, the newcomers take example! Rebellion against them all! Soon on the air with giant projects! I'm being patient..