[Imc-tech] patch UCIMC immediately

Ryan Kaldari kaldari at monsterlabs.com
Mon Oct 25 10:57:12 CDT 2004


At least 3 IMC sites were hacked over the weekend. Please make sure 
that your dada installation is patched against the attack. You'll need 
to patch the imc_FunctionLibrary.inc file and the imc_OtherPress.inc 
file:

*** imc_classes/imc_FunctionLibrary.inc.allowiframes        Sat Oct 23 
18:51:39 2004
--- imc_classes/imc_FunctionLibrary.inc     Sat Oct 23 19:12:04 2004
***************
*** 638,643 ****
--- 638,644 ----
                                         
"'<object[^>]*?>.*?</object>'si",       // Strip out objects
                                         "'<embed[^>]*?>.*?</embed>'si", 
         // Strip out embeds
                                         
"'<applet[^>]*?>.*?</applet>'si",       // Strip out applets
+                                       "'<iframe[^>]*?>'si",           
         // Strip out iframes
                                         "'</?body[^>]*?>'i",            
         // Strip out body tags
                                         "'</?html>'i",                  
         // Strip out html tag
                                         );
***************
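Review bot: The added pattern "'<iframe[^>]*?>'si" matches only the opening tag, while the object, embed and applet entries just above it remove the whole element with the paired form '<tag[^>]*?>.*?</tag>'. As written, the closing </iframe> and any text between the tags stay in the output. Consider '</?iframe[^>]*?>', following the body entry below it, or the paired form used for object/embed/applet. Having to add one line per tag also shows the limit of this strip list: escaping the submitted fields, as the imc_OtherPress.inc part of this patch does with htmlentities, holds up better than enumerating tags.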


*** fixed_otherpress/imc_classes/imc_OtherPress.inc	Sun Oct 24 18:05:42 
2004
--- otherpress/imc_classes/imc_OtherPress.inc	Sat Oct 23 06:04:32 2004
***************
*** 118,133 ****
   		if (isset($form_section)) $this->set_section($form_section);
   		if (isset($form_parentid)) $this->set_parentid($form_parentid);
   		if (isset($form_category_ids)) 
$this->set_category_ids($form_category_ids);
! 		if (isset($form_author))
!           $this->set_author(htmlentities(cleantext($form_author)));
! 		if (isset($form_heading))
!           $this->set_heading(htmlentities(cleantext($form_heading)));
! 		if (isset($form_summary))
!           $this->set_summary(htmlentities(cleantext($form_summary)));
! 		if (isset($form_organization))
!           
$this->set_organization(htmlentities(cleantext($form_organization)));
! 		if (isset($form_link))
!           $this->set_link(htmlentities(cleantext($form_link)));
   	}


--- 118,128 ----
   		if (isset($form_section)) $this->set_section($form_section);
   		if (isset($form_parentid)) $this->set_parentid($form_parentid);
   		if (isset($form_category_ids)) 
$this->set_category_ids($form_category_ids);
! 		if (isset($form_author)) $this->set_author($form_author);
! 		if (isset($form_heading)) $this->set_heading($form_heading);
! 		if (isset($form_summary)) $this->set_summary($form_summary);
! 		if (isset($form_organization)) 
$this->set_organization($form_organization);
! 		if (isset($form_link)) $this->set_link($form_link);
   	}


***************
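Review bot: The file headers for imc_OtherPress.inc are in the opposite order from the first file: the "***" side is fixed_otherpress/ (Sun Oct 24) and the "---" side is otherpress/ (Sat Oct 23), so lines 118-133 with htmlentities(cleantext(...)) are the "from" text and the bare set_author($form_author) calls are the "to" text. Applied as posted, this hunk would remove the escaping rather than add it; regenerate the diff with the unpatched file first, or tell readers to apply this part with patch -R. Separately, $form_section, $form_parentid and $form_category_ids are passed to their setters unfiltered on both sides of the hunk; if those values are ever rendered they need the same cleantext/htmlentities treatment or a type check.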


