BrainCMS ships with a bug: it accepts SQL commands and SCRIPTS in the news area, both in the comments and when creating a news item from the admin panel.
To fix it:
Create a PHP file named sanitize.php in the folder
system/app/classes/
And paste this code:
- Code:
<?php
/**
 * Class containing the methods that will
 * filter the input sent via GET and POST
 *
 * @filesource
 * @author Pedro Elsner <pedro.elsner@gmail.com>
 * @license http://creativecommons.org/licenses/by/3.0/br/ Creative Commons 3.0
 * @abstract
 * @version 1.0
 */
abstract class Sanitize {

    /**
     * Filter
     *
     * Applies every mode in $modes to $value; arrays are filtered recursively.
     *
     * @param mixed $value
     * @param array $modes
     * @return mixed
     * @static
     * @since 1.0
     */
    static public function filter($value, $modes = array('sql', 'html')) {
        if (!is_array($modes)) {
            $modes = array($modes);
        }
        if (is_string($value)) {
            foreach ($modes as $type) {
                $value = self::_doFilter($value, $type);
            }
            return $value;
        }
        if (!is_array($value)) {
            // Integers, null etc. carry nothing to filter
            return $value;
        }
        foreach ($value as $key => $toSanitize) {
            if (is_array($toSanitize)) {
                $value[$key] = self::filter($toSanitize, $modes);
            } else {
                // Chain the modes so each one works on the output of the previous
                foreach ($modes as $type) {
                    $toSanitize = self::_doFilter($toSanitize, $type);
                }
                $value[$key] = $toSanitize;
            }
        }
        return $value;
    }

    /**
     * DoFilter
     *
     * @param mixed $value
     * @param string $mode
     * @return mixed
     * @static
     * @since 1.0
     */
    static protected function _doFilter($value, $mode) {
        switch ($mode) {
            case 'html':
                $value = strip_tags($value);
                $value = addslashes($value);
                $value = htmlspecialchars($value);
                break;

            case 'sql':
                // Case-insensitive removal of the listed SQL keywords and characters.
                // Note that the pattern also matches a single space, so every space
                // in the value is removed as well.
                // (sql_regcase() no longer exists in PHP 7+; the /i modifier replaces it.)
                $value = preg_replace('/(from|select|insert|delete|where|drop table|show tables|#|\*| |\\\\)/i', '', $value);
                $value = trim($value);
                break;
        }
        return $value;
    }
}
Now open the file class.admin.php
Path: system/app/classes/class.admin.php
Now import the class by adding:
require_once('sanitize.php');
After
In that same file (class.admin.php) search for:
function EditNews
and
PostNews()
And right after the opening { above the global line
Paste this:
- Code:
$_GET = Sanitize::filter($_GET);
$_POST = Sanitize::filter($_POST);
Done, save the file and the bug is fixed.
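As an added example (not part of the original post or of BrainCMS itself), the same news-comment storage can be protected without a keyword blacklist: a PDO prepared statement keeps the comment text out of the SQL, and htmlspecialchars() at output time turns any tags into plain text. It runs against an in-memory SQLite database; the table name `news_comments`, its columns and the function names are assumptions, not BrainCMS's real schema or code.

```php
<?php
// Added example: prepared statement + output escaping for a news comment.
// Table/column names are hypothetical; BrainCMS's real schema is not shown here.

/** Store a comment; the body is bound as data, never spliced into the SQL text. */
function saveNewsComment(PDO $db, int $newsId, int $userId, string $body): int {
    $stmt = $db->prepare(
        'INSERT INTO news_comments (news_id, user_id, body) VALUES (:news_id, :user_id, :body)'
    );
    $stmt->bindValue(':news_id', $newsId, PDO::PARAM_INT);
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

/** Fetch the comments of one news item, again through a bound parameter. */
function loadNewsComments(PDO $db, int $newsId): array {
    $stmt = $db->prepare('SELECT body FROM news_comments WHERE news_id = :news_id ORDER BY id');
    $stmt->execute([':news_id' => $newsId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** Escape on output: tags and quotes become harmless entities in the page. */
function renderComment(string $body): string {
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news_comments (
    id INTEGER PRIMARY KEY AUTOINCREMENT, news_id INTEGER, user_id INTEGER, body TEXT)');

// Legitimate text that the keyword filter above would mangle ("from", "Select"
// and every space are stripped by it); here it is stored verbatim and shown escaped.
$comment = "Greetings from Brazil! Select your avatar & enjoy <b>the news</b>";
saveNewsComment($db, 1, 42, $comment);

foreach (loadNewsComments($db, 1) as $body) {
    echo renderComment($body), PHP_EOL;
}
```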
Credits:
iJockerOficial
http://pedroelsner.com/2011/06/bloqueando-injections-xss-no-php/