WebsiteBaker Community Forum

WebsiteBaker => Security Announcements => Topic started by: Ryan on January 30, 2007, 10:40:00 AM

Title: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: Ryan on January 30, 2007, 10:40:00 AM

Hi all,

Yesterday I discovered a recent ticket regarding a possible vulnerability in WebsiteBaker version 2.6.5 (or earlier).
To view the ticket please visit: http://projects.WebsiteBaker.org/websitebaker2/ticket/376

Please make note of the following information:

Quote

Successful exploitation requires that "magic_quotes_gpc" is disabled.

This means that most users should be safe, as magic_quotes_gpc is turned on by default.

Since discovering the exploit, our Development team, specifically Matthias, has worked hard to provide a fix.
There is a single file that has been modified...
- to view changes, please see: http://projects.WebsiteBaker.org/websitebaker2/changeset/423
- to download the file, visit: http://projects.WebsiteBaker.org/websitebaker2/browser/branches/2.6.x/wb/framework/class.login.php?format=raw

Alternatively, you can export the following Subversion URL for a "snapshot" of the soon-to-be-released 2.6.6:
http://svn.WebsiteBaker.org/websitebaker2/branches/2.6.x/

As mentioned above, 2.6.6 will be released soon - it just has to be officially tested and released.

We have done our best to respond to this problem as quick as possible, as we realise it may seriously affect some users.
For this purpose, we have placed this announcement in the security announcements board.

I would like to thank the Development team for their great work on this fix :wink:

Ryan.

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: ruebenwurzel on January 30, 2007, 11:49:48 AM

Hello,

i specially wanna thanks ozsynergy who posted the fix in this thread:

http://forum.WebsiteBaker.org/index.php/topic,5241.msg32953.html#msg32953 (http://forum.WebsiteBaker.org/index.php/topic,5241.msg32953.html#msg32953)

Matthias

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: Ryan on January 30, 2007, 12:16:48 PM

Matthias,

There is no need for you link as the file I mentioned above can be downloaded via Trac using:
http://projects.WebsiteBaker.org/websitebaker2/browser/branches/2.6.x/wb/framework/class.login.php?format=raw
or even straight out of svn using:
http://svn.WebsiteBaker.org/websitebaker2/branches/2.6.x/wb/framework/class.login.php
(some browsers may need to right click "save as").
 :wink:

Ryan.

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: ruebenwurzel on January 30, 2007, 01:42:45 PM

Hello,

sorry, removed the link.

Matthias

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: tomhung on June 25, 2007, 09:01:05 PM

can we start a mailing list that emails admins with security advisories?  It would help to have a push system instead of a pull.  IE.  I forget to check the forums and dont want to be 120 days vuln to exploits.

G

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: tomhung on June 25, 2007, 09:04:11 PM

At least put a Sticky message in Announcements > Security Announcements that advises to click "Notify" on the page to get new threads in that forum. 

G

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: Waldschwein on June 26, 2007, 06:26:11 PM

Hi!
Well, I suggest a news page or a really noticable news module on the frontpage of WebsiteBaker.org like every (I don't no one besides WB that hasn't it) other web-software.
The forum is quite confused and not very user friendliy I think, especially the section for languages besides english. And in the guest forum there are spam posts for days...

Greets Michael

Title: Re: Securitry vulnerability in WB <= 2.6.5 with REMEMBER_ME feature
Post by: tomhung on June 26, 2007, 07:27:03 PM

we need something people can subscribe to.  i sorta pay attention to this kinda stuff and missed this vuln for 6 months.  this is because it is a pull system.