Patch - vBulletin 3.8.7 Patch Level 2

Fethi.dz

A short note on the type of vulnerability, from the vendor vbulletin.com:


Earlier last month the vBulletin team was notified of an indirect, low-risk security exploit vector that could potentially be used to maliciously trick users into providing account sensitive information to non-authorized parties. Please see the original notice for more information: https://www.vbulletin.com/forum/show...hishing-Vector

While the security risk is low, we have taken the report very seriously and incorporated additional security functionality into the vBulletin product to safeguard your site and prevent any attempts at malicious phishing activity.

After successful installation of the patch, no configuration or activation will be required and the new security check will work automatically to prevent malicious redirection.

Patched Versions:

  • vBulletin 3.8.7 (download from members area)
  • vBulletin 3.8.7 with Mobile API (download from members area)
  • vBulletin 4.1.4 (download from members area)

Important Patch Installation Notes:

  • Please check and make sure you are downloading and installing the correct patch.
  • Important: if you are using the vBulletin 3.8.7 with Mobile API product, you need the special “vBulletin 3.8.7 MAPI Patch”.
  • Optional: This patch requires you to execute the upgrade process in order to install the additional security features.
  • As always, it is recommended to have a full database backup of your site prior to upgrading.

Patch Installation Instructions:


Please note (for Advanced Users Only): These settings and configuration will not affect most vBulletin users. If you have created a custom domain configuration, you can define a domain “whitelist” in your Admin Control Panel. Go to AdminCP -> Settings -> Options -> Site Name / URL / Contact Details -> “Redirect Domain Whitelist”.
 
Now to patch the vulnerability manually:

Of course, before making any of these modifications, take a backup of your site.

In the file functions.php

search for:
PHP:
// #############################################################################
/**
* Halts execution and redirects to the address specified
*
* If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
* However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
*
* @param    string    Redirect message
* @param    string    URL to which to redirect the browser
*/
function standard_redirect($message = '', $forceredirect = false)
{
    global $header, $footer, $headinclude, $forumjump;
    global $timezone, $vbulletin, $vbphrase, $stylevar, $pagestarttime;

    static
        $str_find     = array('"',      '<',    '>'),
        $str_replace  = array('&quot;', '&lt;', '&gt;');

    if ($vbulletin->db->explain)
    {
        $pageendtime = microtime();

        $starttime = explode(' ', $pagestarttime);
        $endtime = explode(' ', $pageendtime);

        $totaltime = $endtime[0] - $starttime[0] + $endtime[1] - $starttime[1];

        $vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";

        $querytime = $vbulletin->db->time_total;
        echo "\n<b>Page generated in $totaltime seconds with " . $vbulletin->db->querycount . " queries,\nspending $querytime doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
        exit;
    }
and directly after it, add:

PHP:
if ($vbulletin->url)
    {
        $foundurl = false;
        if ($urlinfo = @parse_url($vbulletin->url))
        {
            if (!$urlinfo['scheme'])
            {    // url is made full in exec_header_redirect which stops a url from being redirected to, say "www.php.net" (no http://)
                $foundurl = true;
            }
            else
            {
                $whitelist = array();
                if ($vbulletin->options['redirect_whitelist'])
                {
                    $whitelist = explode("\n", trim($vbulletin->options['redirect_whitelist']));
                }
                // Add $bburl to the whitelist
                $bburlinfo = @parse_url($vbulletin->options['bburl']);
                $bburl = "{$bburlinfo['scheme']}://{$bburlinfo['host']}";
                array_unshift($whitelist, $bburl);

                // if the "realurl" of this request does not equal $bburl, add it as well..
                $realurl = VB_URL_SCHEME . '://' . VB_URL_HOST;
                if (strtolower($bburl) != strtolower($realurl))
                {
                    array_unshift($whitelist, $realurl);
                }

                $vburl = strtolower($vbulletin->url);
                foreach ($whitelist AS $url)
                {
                    $url = trim($url);
                    if ($vburl == strtolower($url) OR strpos($vburl, strtolower($url) . '/', 0) === 0)
                    {
                        $foundurl = true;
                        break;
                    }
                }
            }
        }
        
        if (!$foundurl)
        {
            eval(standard_error(fetch_error('invalid_redirect_url_x', $vbulletin->url)));
        }
    }
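As an added illustration (not vBulletin's own code), the following stand-alone PHP models the whitelist check the patch inserts above, so you can see which redirect targets it accepts; the site URLs, whitelist entries and sample targets are constructed assumptions.

```php
<?php
// Added example, not vBulletin code: a stand-alone model of the whitelist check
// that the Patch Level 2 code adds to standard_redirect(). All names/URLs are assumptions.
function is_redirect_allowed(string $target, string $bburl, string $realurl, string $whitelist_option): bool
{
    $urlinfo = @parse_url($target);
    if ($urlinfo === false) {
        return false;
    }
    // Scheme-less targets are site-relative: vBulletin prefixes them with $bburl in
    // exec_header_redirect, which is why the patch accepts them without a whitelist lookup.
    if (empty($urlinfo['scheme'])) {
        return true;
    }
    $whitelist = $whitelist_option !== '' ? explode("\n", trim($whitelist_option)) : array();
    // The board's own origin (scheme://host) and the origin the request arrived on are always trusted.
    $b = @parse_url($bburl);
    $bburl_origin = "{$b['scheme']}://{$b['host']}";
    array_unshift($whitelist, $bburl_origin);
    if (strtolower($bburl_origin) != strtolower($realurl)) {
        array_unshift($whitelist, $realurl);
    }
    $vburl = strtolower($target);
    foreach ($whitelist as $url) {
        $url = strtolower(trim($url));
        // Exact match, or a prefix match that demands a '/' right after the allowed origin,
        // so "http://forum.example.test.attacker.test" does not match "http://forum.example.test".
        if ($vburl == $url || strpos($vburl, $url . '/') === 0) {
            return true;
        }
    }
    return false;
}
// Constructed sample configuration (assumptions, not a real site).
$bburl   = 'http://forum.example.test/vb';
$realurl = 'http://forum.example.test';
$option  = "http://cdn.example.test\nhttps://partner.example.test";
$cases = array(
    'showthread.php?t=1'                       => true,  // relative: completed by exec_header_redirect
    'http://forum.example.test/vb/index.php'   => true,  // same board
    'https://partner.example.test/login'       => true,  // whitelisted domain
    'http://forum.example.test.attacker.test/' => false, // host-suffix trick, blocked by the trailing '/'
    'http://attacker.test/forum.example.test/' => false, // foreign host
);
foreach ($cases as $url => $expected) {
    $got = is_redirect_allowed($url, $bburl, $realurl, $option);
    printf("%-45s %s\n", $url, $got === $expected ? 'OK' : 'MISMATCH');
}
```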
In the file class_core.php (this step is for those who have not already upgraded to Patch Level 1)

search in the file for:
PHP:
define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle, used for external YUI
and replace it with:

PHP:
define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle, used for external YUI
This way we make sure the vulnerability is closed, but it is preferable to upgrade the version (3.8.7),

by uploading the contents of the following files:

class_core.php
functions.php
version_vbulletin.php
vbulletin-adminhelp.xml
vbulletin-language.xml
vbulletin-settings.xml

Then go to the link: www.your_site_name.com/vb/install/install.php

Then click on upgrade.

After finishing the upgrade, an additional option will appear in the Admin Control Panel under (Site Name / URL / Contact Details), namely (Redirect Domain Whitelist).




Good luck.
 

Attachments

  • Redirect-Domain-Whitelist.gif (25.8 KB · views: 90)
  • vbulletin_3.8.7_Patch.Level.2.zip (467.7 KB · views: 81)
May Allah bless you
and place it in the balance of your good deeds.

 
May Allah reward you with good, brother.
 
May Allah bless you.
 