http://www.dzbatna.com/images/icons/iconrote.gif طھط±ظ‚ظٹط¹ ط«ط؛ط±ط© ط§ظ…ظ†ظٹط© ظپظٹ ط³ظƒط±ط¨طھ MaxForum v1.0.0

---

السلام عليكم ورحمة الله وبركاته

ثغرة جديدة في سكربت MaxForum

السكربت منتشر كثيرة والثغرة ليست خطيرة جدا

لكن يمكن استغلالها بأشكال وطرق مختلفة فتصبح خطيرة لدرجة جدا

الثغرة من نوع : xss

المكتشف s3n4t00r - عالم الحماية العربي - [ Security World ]

الثغرة موجودة في البحث

لترقيع الثغرة استبد ملف search.template.php الموجود في archivetemp\pages

بهذا الملف

رمز PHP:

if (!defined('MAX_ON')){echo "

ACCESS DENIED

You cannot access this file directly.";exit();} ?>
if ($template_hook=='start'){ ?>
}elseif ($template_hook=='1'){ ?>

echo $lang['search_topics_started']; ?> echo "$search_name"; ?>

}elseif ($template_hook=='4'){ ?>
if ($pages <= '1'){}else{ ?>

echo $lang['board_page']; ?>
=(ceil($number_of_posts/$list_posts)); if (!isset($_GET['limit'])){$_GET['limit']="1";} $start="1"; for($i = "1"; $i <= $pages; $i++) { $i_limit=$i; if ($i > 1){ $start=($start+1); } if ($_GET['limit']==$start){ ?>
echo "$max_domain"; ?>/index.php?page=search&area=topics&search=echo "$member_id"; ?>&limit=echo "$i_limit"; ?>">echo "$i"; ?>} else{ ?>if ($_GET['limit'] >="3" && $i_limit < $_GET['limit'] - "2" OR $_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] <= "2" && $i_limit > "4" ){}else{ ?>if ($_GET['limit'] > "2" && $i_limit < $_GET['limit'] - "1"){ ?>
echo "$max_domain"; ?>/index.php?page=search&area=topics&search=echo "$member_id"; ?>&limit=1"><<} ?>
echo "$max_domain"; ?>/index.php?page=search&area=topics&search=echo "$member_id"; ?>&limit=echo "$i_limit"; ?>">echo "$i"; ?>}}} ?>
if ($pages - $_GET['limit'] >= "3"){ ?>
echo "$max_domain"; ?>/index.php?page=search&area=topics&search=echo "$member_id"; ?>&limit=echo "$pages_end"; ?>">>>} ?>

 

} ?>
}elseif ($template_hook=='5'){ ?>

echo max_link("index.php?page=findpost&post=$post_id","findpost/$post_id"); ?>">echo "$title"; ?>

echo "$time"; ?> - echo "$content"; ?>

echo max_link("index.php?page=findpost&post=$post_id","findpost/$post_id"); ?>

}elseif ($template_hook=='10'){ ?>

echo $lang['search_posts_by']; ?> echo "$search_name"; ?>

}elseif ($template_hook=='11'){ ?>
if ($pages <= '1'){}else{ ?>

echo $lang['board_page']; ?>
=(ceil($number_of_posts/$list_posts)); if (!isset($_GET['limit'])){$_GET['limit']="1";} $start="1"; for($i = "1"; $i <= $pages; $i++) { $i_limit=$i; if ($i > 1){ $start=($start+1); } if ($_GET['limit']==$start){ ?>
echo "$max_domain"; ?>/index.php?page=search&area=posts&search=echo "$member_id"; ?>&limit=echo "$i_limit"; ?>">echo "$i"; ?>} else{ ?>if ($_GET['limit'] >="3" && $i_limit < $_GET['limit'] - "2" OR $_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] <= "2" && $i_limit > "4" ){}else{ ?>if ($_GET['limit'] > "2" && $i_limit < $_GET['limit'] - "1"){ ?>
echo "$max_domain"; ?>/index.php?page=search&area=posts&search=echo "$member_id"; ?>&limit=0"><<} ?>
echo "$max_domain"; ?>/index.php?page=search&area=posts&search=echo "$member_id"; ?>&limit=echo "$i_limit"; ?>">echo "$i"; ?>}}} ?>
if ($pages - $_GET['limit'] >= "3"){ ?>
echo "$max_domain"; ?>/index.php?page=search&area=posts&search=echo "$member_id"; ?>&limit=echo "$pages_end"; ?>">>>} ?>

} ?>
}elseif ($template_hook=='12'){ ?>if ($_GET['pf']!=''){ ?>

echo $lang['button_search_form']; ?>

} ?>


if ($_GET['pf']=='1'){ ?>

}else{ ?>

} ?>

echo $lang['search_title']; ?>

echo $lang['search_desc']; ?> echo "$max_domain"; ?>/index.php?"> echo $lang['search_search']; ?> echo $lang['search_search_query']; ?> echo "$search"; ?>" /> echo $lang['search_author']; ?> echo $lang['search_author_desc']; ?> echo "$author_id"; ?>" /> echo htmlspecialchars($author) ?>" /> echo $lang['search_date']; ?> echo $lang['search_date_desc']; ?> echo "$startdate"; ?>" /> -> echo "$enddate"; ?>" /> echo $lang['search_forums']; ?> echo $lang['search_forums_desc']; ?> }elseif ($template_hook=='15'){ ?> echo "$parent_id"; ?>">echo "$parent_name"; ?> }elseif ($template_hook=='16'){ ?> echo "$forum_id"; ?>">|--echo "$forum_name"; ?> }elseif ($template_hook=='17'){ ?> echo "$forum_sub_id"; ?>">|---- echo "$forum_sub_name"; ?> }elseif ($template_hook=='18'){ ?> echo $_GET['topic']; ?>" name="topic" id="topic" />

echo $lang['button_search']; ?>" />

if ($_GET['pf']!=''){ ?>

} ?>
}elseif ($template_hook=='14'){ ?>
if ($pages <= '1'){}else{ ?>

echo $lang['board_page']; ?>
=(ceil($number_of_posts/$list_posts)); if (!isset($_GET['limit'])){$_GET['limit']="1";} $start="1"; for($i = "1"; $i <= $pages; $i++) { $i_limit=$i; if ($i > 1){ $start=($start+1); } if ($_GET['limit']==$start){ ?>
echo "$max_domain"; ?>/index.php?page=search&author=echo "$author"; ?>&author_id=echo "$author_id"; ?>&startdate=echo "$page_start"; ?>&enddate=echo "$enddate_form"; ?>&forums[]=echo "$forum_form"; ?>&search=echo "$words"; ?>&pf=1&limit=echo "$i_limit"; ?>">echo "$i"; ?>} else{ ?>if ($_GET['limit'] >="3" && $i_limit < $_GET['limit'] - "2" OR $_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] <= "2" && $i_limit > "4" ){}else{ ?>if ($_GET['limit'] > "2" && $i_limit < $_GET['limit'] - "1"){ ?>
echo "$max_domain"; ?>/index.php?page=search&author=echo "$author"; ?>&author_id=echo "$author_id"; ?>&startdate=echo "$page_start"; ?>&enddate=echo "$enddate_form"; ?>&forums[]=echo "$forum_form"; ?>&search=echo "$words"; ?>&pf=1&limit=1"><<} ?>
echo "$max_domain"; ?>/index.php?page=search&author=echo "$author"; ?>&author_id=echo "$author_id"; ?>&startdate=echo "$page_start"; ?>&enddate=echo "$enddate_form"; ?>&forums[]=echo "$forum_form"; ?>&search=echo "$words"; ?>&pf=1&limit=echo "$i_limit"; ?>">echo "$i"; ?>}}} ?>
if ($pages - $_GET['limit'] >= "3"){ ?>
echo "$max_domain"; ?>/index.php?page=search&author=echo "$author"; ?>&author_id=echo "$author_id"; ?>&startdate=echo "$page_start"; ?>&enddate=echo "$enddate_form"; ?>&forums[]=echo "$forum_form"; ?>&search=echo "$words"; ?>&pf=1&limit=echo "$pages_end"; ?>">>>} ?>

} ?>
}elseif ($template_hook=='19'){ ?>
if ($pages <= '1'){}else{ ?>

echo $lang['board_page']; ?>
=(ceil($number_of_posts/$list_posts)); if (!isset($_GET['limit'])){$_GET['limit']="1";} $start="1"; for($i = "1"; $i <= $pages; $i++) { $i_limit=$i; if ($i > 1){ $start=($start+1); } if ($_GET['limit']==$start){ ?>
echo max_link("index.php?page=search&area=newposts&limit=$i_limit", "newposts/$i_limit"); ?>">echo "$i"; ?>} else{ ?>if ($_GET['limit'] >="3" && $i_limit < $_GET['limit'] - "2" OR $_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] >="3" && $i_limit > $_GET['limit'] + "2"){}elseif($_GET['limit'] <= "2" && $i_limit > "4" ){}else{ ?>if ($_GET['limit'] > "2" && $i_limit < $_GET['limit'] - "1"){ ?>
echo max_link("index.php?page=search&area=newposts&limit=1", "newposts/1"); ?>"><<} ?>
echo max_link("index.php?page=search&area=newposts&limit=$i_limit", "newposts/$i_limit"); ?>">echo "$i"; ?>}}} ?>
if ($pages - $_GET['limit'] >= "3"){ ?>
echo max_link("index.php?page=search&area=newposts&limit=$pages_end", "newposts/$pages_end"); ?>">>>} ?>

} ?>
}elseif ($template_hook=='end'){ ?>
} ?>

في امان الله

التعديل الأخير كان بواسطة yos3f; 01 - 08 - 2014 الساعة 03:42

ألعاب الأندرويد مجانا و حصريا

https://fbcdn-sphotos-d-a.akamaihd.n...93518507_n.png
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى©