
Illumina CMS / Zap CMS - Possible xss patch

xHosts.uk - Windows & Linux VPS - Cosmic Guard
[VIP] Member
Joined
Sep 10, 2011
Messages
857
Reaction score
354
Hey Ragezone


This is not much, but it may help some people, in case you have any staff that will abuse having access to housekeeping. It was possible for staff posting news articles to XSS your site. If they included meta / JavaScript redirect code in the title or snippet, they could redirect users as soon as they logged in.

In lightcms.php, replace the entire "getMainStories" function with the one below:

Yes, this is a small release, but it may help some people. If you're going to hate, then don't bother to post.

Code:
public static function getMainStories($amt) {
    global $db, $tpl, $light;
    // Cast the limit so only a number can ever reach the query.
    $amt = (int) $amt;
    if($r = $db->query("SELECT id,title,topstory_image,snippet FROM site_news ORDER BY id DESC LIMIT " . $amt)) {
        $c = 0;
        while($a = $r->fetch_assoc()) {
            $disp = 'block';
            // The image URL is echoed inside a style attribute, so escape it as well.
            $imgurl = htmlspecialchars($a['topstory_image'], ENT_QUOTES);
            if($c > 0) { $disp = 'none'; }
            // Strip tags from the title first, then build the URL slug and escape it for the href.
            $_seo = htmlspecialchars($a['id'] . "-" . strtolower(str_replace(' ', '-', strip_tags($a['title']))), ENT_QUOTES);
            // Title and snippet are stripped of tags and passed through the CMS filter before output.
            echo '<div class="topstory" style="background-image: url(' . $imgurl . '); display: ' . $disp . ';">
                    <h4>Latest news</h4>
                    <h3><a href="' . WWW . '/articles/' . $_seo . '">' . $light->filter(strip_tags($a['title'])) . '</a></h3>
                    <p class="summary">
                    ' . $light->filter(strip_tags($a['snippet'])) . '
                    </p>
                    <p>
                        <a href="' . WWW . '/articles/' . $_seo . '">Read more »</a>
                    </p>
                </div>';
            $c++;
        }
        echo '<div id="topstories-nav" style="display: none"><a href="#" class="prev">« Previous</a><span>1</span> / ' . $c . '<a href="#" class="next">Next »</a></div>';
    }
    else {
        $db->databaseError($db->error);
    }
}
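Added example (not code from the original post or from Illumina CMS) that exercises the two sanitising steps the patch relies on: strip tags before building the slug, and filter before echoing. `filterText()` is a stand-in for `$light->filter()`, whose implementation is not shown in the thread, and the news rows are constructed, one of them carrying the meta-refresh abuse case the post describes.

```php
<?php
// Constructed rows standing in for site_news; the second is the abuse case.
$rows = [
    ['id' => 12, 'title' => 'Server maintenance tonight',
     'snippet' => 'Back around 22:00.'],
    ['id' => 13, 'title' => '<meta http-equiv="refresh" content="0;url=//example.invalid/">Free credits',
     'snippet' => 'Claim <script>window.location="//example.invalid/"</script> now'],
];

/** Build the "id-slug" part of the article URL from an untrusted title. */
function seoSlug(int $id, string $title): string
{
    $plain = strip_tags($title);                         // drop tags first...
    $slug  = strtolower(str_replace(' ', '-', $plain));  // ...then slugify
    return $id . '-' . rawurlencode($slug);              // safe inside href
}

/** Stand-in for $light->filter() (assumed): escape plain text for HTML output. */
function filterText(string $text): string
{
    // strip_tags() removes the tags but keeps the text between them, so a
    // script body survives only as inert, escaped text.
    return htmlspecialchars(strip_tags($text), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Render the title/summary part of one story block the way getMainStories() does. */
function renderStory(array $a): string
{
    $seo = seoSlug($a['id'], $a['title']);
    return '<h3><a href="/articles/' . $seo . '">' . filterText($a['title']) . '</a></h3>'
         . '<p class="summary">' . filterText($a['snippet']) . '</p>';
}

foreach ($rows as $a) {
    $html = renderStory($a);
    // Only the six tags we emit ourselves may appear; anything else means
    // a tag from the database reached the page.
    $ownTags  = 6; // <h3>, <a>, </a>, </h3>, <p>, </p>
    $tagCount = preg_match_all('/<[^>]+>/', $html);
    echo $html, PHP_EOL;
    echo ($tagCount === $ownTags ? 'OK' : 'FAIL'), ': ', $tagCount, ' tags', PHP_EOL;
}
```

For row 13 the slug becomes `13-free-credits` and the meta tag never reaches the output; the check prints `OK: 6 tags` for both rows.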
 
The one and only!
Loyal Member
Joined
Nov 24, 2008
Messages
2,529
Reaction score
1,435
Very good :) Also on the main news articles you could convert it to use BBCode and not allow staff to directly input HTML into the article body (not sure if this is the case with Illumina or not).
 
Newbie Spellweaver
Joined
Jun 5, 2012
Messages
23
Reaction score
3
Great release. :proud: It is also implementable with UberCMS for the people who don't use Illumina.
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
Very good :) Also on the main news articles you could convert it to use BBCode and not allow staff to directly input HTML into the article body (not sure if this is the case with Illumina or not).

*Some* raw HTML is supported in Illumina; most malicious poop is blocked out. My general rule of thumb is to not let dumbasses into housekeeping and to put a PIN on the HK login.

Also, hot campaigns are only editable in the database, so unless you're a complete Special person you should have no issues there either.
 