[Imc-tech] patch UCIMC immediately
Ryan Kaldari
kaldari at monsterlabs.com
Mon Oct 25 10:57:12 CDT 2004
At least 3 IMC sites were hacked over the weekend. Please make sure
that your dada installation is patched against the attack. You'll need
to patch the imc_FunctionLibrary.inc file and the imc_OtherPress.inc
file:
*** imc_classes/imc_FunctionLibrary.inc.allowiframes Sat Oct 23
18:51:39 2004
--- imc_classes/imc_FunctionLibrary.inc Sat Oct 23 19:12:04 2004
***************
*** 638,643 ****
--- 638,644 ----
"'<object[^>]*?>.*?</object>'si", // Strip out objects
"'<embed[^>]*?>.*?</embed>'si",
// Strip out embeds
"'<applet[^>]*?>.*?</applet>'si", // Strip out applets
+ "'<iframe[^>]*?>'si",
// Strip out iframes
"'</?body[^>]*?>'i",
// Strip out body tags
"'</?html>'i",
// Strip out html tag
);
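Review bot: The added `'<iframe[^>]*?>'si` entry matches only the opening tag, whereas the `<object>`, `<embed>` and `<applet>` entries just above it match through the closing tag, so `</iframe>` and whatever sits between the two tags stay in the output. Consider `'<iframe[^>]*?>.*?</iframe>'si` for the paired form plus `'</?iframe[^>]*?>'si` for unpaired tags. This array is also a deny-list that needs a new line for every tag that turns out to matter, as this patch shows; an allow-list of permitted tags would not need one.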
***************
*** fixed_otherpress/imc_classes/imc_OtherPress.inc Sun Oct 24 18:05:42
2004
--- otherpress/imc_classes/imc_OtherPress.inc Sat Oct 23 06:04:32 2004
***************
*** 118,133 ****
if (isset($form_section)) $this->set_section($form_section);
if (isset($form_parentid)) $this->set_parentid($form_parentid);
if (isset($form_category_ids))
$this->set_category_ids($form_category_ids);
! if (isset($form_author))
! $this->set_author(htmlentities(cleantext($form_author)));
! if (isset($form_heading))
! $this->set_heading(htmlentities(cleantext($form_heading)));
! if (isset($form_summary))
! $this->set_summary(htmlentities(cleantext($form_summary)));
! if (isset($form_organization))
!
$this->set_organization(htmlentities(cleantext($form_organization)));
! if (isset($form_link))
! $this->set_link(htmlentities(cleantext($form_link)));
}
--- 118,128 ----
if (isset($form_section)) $this->set_section($form_section);
if (isset($form_parentid)) $this->set_parentid($form_parentid);
if (isset($form_category_ids))
$this->set_category_ids($form_category_ids);
! if (isset($form_author)) $this->set_author($form_author);
! if (isset($form_heading)) $this->set_heading($form_heading);
! if (isset($form_summary)) $this->set_summary($form_summary);
! if (isset($form_organization))
$this->set_organization($form_organization);
! if (isset($form_link)) $this->set_link($form_link);
}
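Review bot: The file order in this diff is reversed: the `***` (old) side is `fixed_otherpress/imc_classes/imc_OtherPress.inc`, dated Sun Oct 24 and carrying the `htmlentities(cleantext(...))` calls, while the `---` (new) side is `otherpress/imc_classes/imc_OtherPress.inc`, dated Sat Oct 23 and passing the raw `$form_*` values. Applied as written it removes the escaping from author, heading, summary, organization and link, so apply it with `patch -R` or regenerate it with the two files swapped. Separately, `$form_section`, `$form_parentid` and `$form_category_ids` go to their setters unfiltered on both sides; if they are meant to be ids, validate them here as well.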
***************