Shop mod?

Need help with a modification or looking for a MOD? Browse our archive. Unfortunately, support is no longer provided.
Forum rules

phpBB2 has not been supported since 1 January 2009.
The information below is outdated and serves only as an archive.
phpBB2.0.x

Post by _Ron_ » 10 Jan 2005, 01:34

I went searching a bit more.......... On a test server I run a backup of my old site, where the shop was also running (and working well). At the end of December I installed a mod in connection with the PHP exploit.

I just found out that it now shows the same problem when you go to the special shop to buy a special effect.

This is the content of that mod:

Code:

##############################################################
## MOD Title: Php Exploit Fix v2
## MOD Author: Cyberalien
## MOD Description: A serious bug was discovered in php in function unserialize(). That bug can be used to cause serious damage to websites that use software that uses that function.Unfortunately phpBB uses that function to store data in cookies, so phpBB can be exploited (so is IPB, vBulletin and almost all other php forum systems).
## MOD Version: 0.0.1
## 
## Installation Level: Easy
## Installation Time: 20 minutes
## Files To Edit: 
## Included Files: 
## Generator: MOD Studio 3.0 Alpha 1 [mod functions 0.2.1677.25348]
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the 
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code 
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered 
## in our MOD-Database, located at: http://www.phpbb.com/mods/ 
##############################################################
## Author Notes: 
##############################################################
## MOD History:
## 
##   2004-05-07 - Version 1.0.0
## 
##      - First Stable release. Version 1.0.0 of a MOD is always it's first stable release.
## 
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
##############################################################

#
#-----[ OPEN ]------------------------------------------
#

includes/functions.php
#
#-----[ FIND ]------------------------------------------
#
?>
#
#-----[ BEFORE, ADD ]------------------------------------------
#
function serialize_array($array)
{
	if(!is_array($array))
	{
		return '';
	}
	$str = '';
	foreach($array as $var => $value)
	{
		if($str)
		{
			$str .= '|';
		}
		$str .= $var . '=' . str_replace('|', '', $value);
	}
	return $str;
}

function unserialize_array($str)
{
	$array = array();
	$list = explode('|', $str);
	for($i=0; $i<count($list); $i++)
	{
		$row = explode('=', $list[$i], 2);
		if(count($row) == 2)
		{
			$array[$row[0]] = $row[1];
		}
	}
	return $array;
}

#
#-----[ OPEN ]------------------------------------------
#

index.php
#
#-----[ FIND ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t"]) : array();  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f"]) : array();  

#
#-----[ REPLACE ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_t"]) : array();  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . "_f"]) : array();  

#
#-----[ OPEN ]------------------------------------------
#

posting.php
#
#-----[ FIND ]------------------------------------------
#
			$tracking_topics = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
			$tracking_forums = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();

#
#-----[ REPLACE ]------------------------------------------
#
			$tracking_topics = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
			$tracking_forums = ( !empty($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();

#
#-----[ FIND ]------------------------------------------
#
			setcookie($board_config['cookie_name'] . '_t', serialize($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);

#
#-----[ REPLACE ]------------------------------------------
#
			setcookie($board_config['cookie_name'] . '_t', serialize_array($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);

#
#-----[ OPEN ]------------------------------------------
#

search.php
#
#-----[ FIND ]------------------------------------------
#
		$result_array = serialize($store_search_data);

#
#-----[ REPLACE ]------------------------------------------
#
		$result_array = serialize_array($store_search_data);
#
#-----[ FIND ]------------------------------------------
#
				$search_data = unserialize($row['search_array']);
#
#-----[ REPLACE ]------------------------------------------
#
				$search_data = unserialize_array($row['search_array']);
#
#-----[ FIND ]------------------------------------------
#
		$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
		$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();

#
#-----[ REPLACE ]------------------------------------------
#
		$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
		$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();

#
#-----[ OPEN ]------------------------------------------
#

viewforum.php
#
#-----[ FIND ]------------------------------------------
#
			$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
			$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();

#
#-----[ REPLACE ]------------------------------------------
#
			$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();
			$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();

#
#-----[ FIND ]------------------------------------------
#
				setcookie($board_config['cookie_name'] . '_f', serialize($tracking_forums), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);

#
#-----[ REPLACE ]------------------------------------------
#
				setcookie($board_config['cookie_name'] . '_f', serialize_array($tracking_forums), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);

#
#-----[ FIND ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : '';  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : '';

#
#-----[ REPLACE ]------------------------------------------
#
$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : '';  
$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : '';  

#
#-----[ OPEN ]------------------------------------------
#

viewtopic.php
#
#-----[ FIND ]------------------------------------------
#
	$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
	$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();

#
#-----[ REPLACE ]------------------------------------------
#
	$tracking_topics = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_t']) : array();
	$tracking_forums = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) ) ? unserialize_array($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f']) : array();

#
#-----[ FIND ]------------------------------------------
#
	setcookie($board_config['cookie_name'] . '_t', serialize($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);

#
#-----[ REPLACE ]------------------------------------------
#
	setcookie($board_config['cookie_name'] . '_t', serialize_array($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);

#
#-----[ OPEN ]------------------------------------------
#

includes/sessions.php
#
#-----[ FIND ]------------------------------------------
#
		$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();

#
#-----[ REPLACE ]------------------------------------------
#
		$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize_array(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();

#
#-----[ FIND ]------------------------------------------
#
	setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
#
#-----[ REPLACE ]------------------------------------------
#
	setcookie($cookiename . '_data', serialize_array($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
#
#-----[ FIND ]------------------------------------------
#
		$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();

#
#-----[ REPLACE ]------------------------------------------
#
		$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize_array(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();

#
#-----[ FIND ]------------------------------------------
#
					setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);

#
#-----[ REPLACE ]------------------------------------------
#
					setcookie($cookiename . '_data', serialize_array($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

So this is where the cause should be...
hanff.nl
Thou shalt not steal.... The government tolerates no competition!
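
Added example (not part of the original post or of the MOD): the MOD's two helpers run over constructed data, showing that the flat `key=value|key=value` format keeps only flat string values, so add-on data with integers, nested arrays or `|` characters that passes through the replaced calls comes back changed. `lossy_keys` and both sample arrays are hypothetical.

```php
<?php
// Silence PHP's "Array to string conversion" message that nested values trigger.
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);

// The two helpers from the MOD listing above, reformatted but unchanged in behaviour.
function serialize_array($array)
{
    if (!is_array($array)) { return ''; }
    $str = '';
    foreach ($array as $var => $value) {
        if ($str) { $str .= '|'; }
        $str .= $var . '=' . str_replace('|', '', $value);
    }
    return $str;
}

function unserialize_array($str)
{
    $array = array();
    foreach (explode('|', $str) as $item) {
        $row = explode('=', $item, 2);
        if (count($row) == 2) { $array[$row[0]] = $row[1]; }
    }
    return $array;
}

// Hypothetical helper (not in the MOD): keys whose value changes in a round trip.
function lossy_keys($data)
{
    $back = unserialize_array(serialize_array($data));
    $lost = array();
    foreach ($data as $key => $value) {
        if (!array_key_exists($key, $back) || $back[$key] !== $value) {
            $lost[] = $key;
        }
    }
    return $lost;
}

// Constructed sample data: topic tracking with flat string values, and a record
// of the kind an add-on might store (typed and nested values).
$tracking = array(10 => '1105317240', 12 => '1105317300');
$addon    = array('user' => 'ron', 'price' => 250,
                  'effects' => array('glow', 'shadow'), 'title' => 'red|blue');

echo serialize_array($tracking), "\n";
print_r(lossy_keys($tracking));
print_r(lossy_keys($addon));
// A value still in PHP serialize() format is never passed to unserialize() and decodes to nothing.
print_r(unserialize_array(serialize(array(10 => 1105317240))));
```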

Post by _Ron_ » 19 Jan 2005, 21:48

A subtle little kick to bring this one back to attention :oops:

Post by Kaza » 19 Jan 2005, 21:58

The solution is on phpbb.com. I fixed it too and it works again for me. Don't ask me what the changes were or where it is, it's definitely there!
Last edited by Kazango on Sat sep 23, 2004 6:35 am; edited 458 times in total

Post by _Ron_ » 19 Jan 2005, 22:05

Perfect, Kaza. I found the topic in question and am going to read through it now.
This is it

Thanks a lot for pointing it out! :thumb:

edit: So that did indeed help (pages 14 and 15 of the topic). It works again for me too :D

Locked