[geeklog-cvs] geeklog: Fixed SQL injection in the session handling

geeklog-cvs at lists.geeklog.net
Sat Apr 4 13:50:15 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/0e10ca8cf00c
changeset: 6888:0e10ca8cf00c
user:      Dirk Haun <dirk at haun-online.de>
date:      Sat Apr 04 16:25:45 2009 +0200
description:
Fixed SQL injection in the session handling

diffstat:

5 files changed, 21 insertions(+), 6 deletions(-)
public_html/admin/install/index.php |    2 +-
public_html/docs/changes.html       |    7 +++++++
public_html/docs/history            |   10 ++++++++++
public_html/siteconfig.php.dist     |    2 +-
system/lib-sessions.php             |    6 ++----

diffs (89 lines):

diff -r d7bb5b8d4145 -r 0e10ca8cf00c public_html/admin/install/index.php
--- a/public_html/admin/install/index.php	Mon Mar 30 20:42:58 2009 +0200
+++ b/public_html/admin/install/index.php	Sat Apr 04 16:25:45 2009 +0200
@@ -48,7 +48,7 @@
     define("LB", "\n");
 }
 if (!defined('VERSION')) {
-    define('VERSION', '1.5.2sr1');
+    define('VERSION', '1.5.2sr2');
 }
 if (!defined('XHTML')) {
     define('XHTML', ' /');
diff -r d7bb5b8d4145 -r 0e10ca8cf00c public_html/docs/changes.html
--- a/public_html/docs/changes.html	Mon Mar 30 20:42:58 2009 +0200
+++ b/public_html/docs/changes.html	Sat Apr 04 16:25:45 2009 +0200
@@ -15,6 +15,13 @@
 and / or obvious changes. For a detailed list of changes, please consult the
 <a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has a list
 of files that have been changed since the last release.</p>
+
+<h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion that also works with Geeklog. This issue allowed an attacker to extract the password hash for any account and is fixed with this release.</p>
+
+
+<p>Fernando Muñoz reported a possible <a href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px dotted black;">XSS</a> in the query form on most admin panels that we are fixing with this release.</p>
 
 <h2><a name="changes152sr1">Geeklog 1.5.2sr1</a></h2>
 
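Review bot: the second paragraph added in this hunk (the XSS report in the admin query form) has no corresponding code change anywhere in this changeset, is absent from the 1.5.2sr2 entry added to docs/history and is not mentioned in the commit message, which names only the SQL injection; either carry the admin-panel fix in this changeset (and list it in history too) or move the paragraph to the commit that contains it. Also, the Wikipedia link carries inline `title` and `style` attributes that look like pasted browser residue rather than the changelog's own markup; a plain `<a href="http://en.wikipedia.org/wiki/XSS">XSS</a>` would match the rest of the file, and one of the two consecutive blank `+` lines before that paragraph should go.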
diff -r d7bb5b8d4145 -r 0e10ca8cf00c public_html/docs/history
--- a/public_html/docs/history	Mon Mar 30 20:42:58 2009 +0200
+++ b/public_html/docs/history	Sat Apr 04 16:25:45 2009 +0200
@@ -1,4 +1,14 @@
 Geeklog History/Changes:
+
+Apr 4, 2009 (1.5.2sr2)
+-----------
+
+This release addresses the following security issue:
+
+Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion
+that also works with Geeklog. This issue allowed an attacker to extract the
+password hash for any account and is fixed with this release.
+
 
 Mar 30, 2009 (1.5.2sr1)
 ------------
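Review bot: the added block ends with a blank `+` line directly above the existing blank context line, leaving two empty lines before the `Mar 30, 2009 (1.5.2sr1)` entry where this file otherwise uses one; drop the trailing `+` blank. Minor: the underline beneath `Apr 4, 2009 (1.5.2sr2)` is 11 dashes against the 12 used for the heading below it. The entry also omits the XSS fix that the changes.html hunk lists for this same release, so the two documents disagree about what 1.5.2sr2 contains.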
diff -r d7bb5b8d4145 -r 0e10ca8cf00c public_html/siteconfig.php.dist
--- a/public_html/siteconfig.php.dist	Mon Mar 30 20:42:58 2009 +0200
+++ b/public_html/siteconfig.php.dist	Sat Apr 04 16:25:45 2009 +0200
@@ -38,7 +38,7 @@
   define('LB',"\n");
 }
 if (!defined('VERSION')) {
-  define('VERSION', '1.5.2sr1');
+  define('VERSION', '1.5.2sr2');
 }
 
 ?>
diff -r d7bb5b8d4145 -r 0e10ca8cf00c system/lib-sessions.php
--- a/system/lib-sessions.php	Mon Mar 30 20:42:58 2009 +0200
+++ b/system/lib-sessions.php	Sat Apr 04 16:25:45 2009 +0200
@@ -8,7 +8,7 @@
 // |                                                                           |
 // | Geeklog session library.                                                  |
 // +---------------------------------------------------------------------------+
-// | Copyright (C) 2000-2008 by the following authors:                         |
+// | Copyright (C) 2000-2009 by the following authors:                         |
 // |                                                                           |
 // | Authors: Tony Bibbs       - tony AT tonybibbs DOT com                     |
 // |          Mark Limburg     - mlimburg AT users DOT sourceforge DOT net     |
@@ -29,8 +29,6 @@
 // | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
 // |                                                                           |
 // +---------------------------------------------------------------------------+
-//
-// $Id: lib-sessions.php,v 1.47 2008/09/21 08:37:12 dhaun Exp $
 
 /**
 * This is the session management library for Geeklog.  Some of this code was
@@ -397,7 +395,7 @@
     if ($md5_based == 1) {
         $sql = "UPDATE {$_TABLES['sessions']} SET start_time=$newtime WHERE (md5_sess_id = '$sessid')";
     } else {
-        $sql = "UPDATE {$_TABLES['sessions']} SET start_time=$newtime WHERE (sess_id = $sessid)";
+        $sql = "UPDATE {$_TABLES['sessions']} SET start_time=$newtime WHERE (sess_id = '$sessid')";
     }
 
     $result = DB_query($sql);
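Review bot: quoting `$sessid` in the `else` branch closes the bare-integer injection, but the value is still interpolated into the statement, so if a caller can pass a value containing a quote character this branch is no better protected than the `md5_sess_id` branch above it, which has quoted its value all along. Since this branch compares against the numeric `sess_id` column, a cast ahead of the `if`, e.g. `$sessid = (int) $sessid;`, removes the class of bug rather than one instance of it; `$newtime` is likewise interpolated unquoted into both statements and deserves the same treatment. At minimum the commit should say where `$sessid` is validated before it reaches this function so the adequacy of the quoting can be checked.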
