![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Apr. 25th, 2006
(no subject)
Apr. 25th, 2006 09:52 amHm... what a fun way to start a day. Find out that someone has found an exploit in phpMyChat, and that it got used on my chatroom.
At least, i managed to find a quick solution. The bug involves how eval() is used for welcome messages. They found a way to login as SYS enter, which is the entrance notification thing. Every line sent by a SYS user is run, so they could just use this to run things using system() in PHP, since it was eval()ed.
I made a quick fix. An ugly one, but it should work for now.
if (stristr($Message, "sprintf") AND !stristr($Message, "system"))
{
eval("\$Message = $Message;");
}
So now the message has to contain a sprintf, and not contain system. Which should fix the problem until i want to spend more time on it, unless they somehow decide to spend more time messing with my chatroom in particular. Which i really doubt.
At least, i managed to find a quick solution. The bug involves how eval() is used for welcome messages. They found a way to login as SYS enter, which is the entrance notification thing. Every line sent by a SYS user is run, so they could just use this to run things using system() in PHP, since it was eval()ed.
I made a quick fix. An ugly one, but it should work for now.
if (stristr($Message, "sprintf") AND !stristr($Message, "system"))
{
eval("\$Message = $Message;");
}
So now the message has to contain a sprintf, and not contain system. Which should fix the problem until i want to spend more time on it, unless they somehow decide to spend more time messing with my chatroom in particular. Which i really doubt.