MakeWebGames

Posted

Which part of the image is hackable? (I've seen the preferences and viewuser.)

preferences:

    $image = (@getimagesize($_POST['newpic']));
    if ( !is_array($image) ) {
        echo 'Invalid Image.<br />&gt; <a href="preferences.php?action=picchange">Go Back</a>';
        die($h->endpage());
    }

Although if you edit it via phpMyAdmin then it will go through, as I believe they didn't add getimagesize on viewuser.

A simple fix would be to go to viewuser...

Replace line 55:

    echo ($r['display_pic']) ? '<img src="' . $r['display_pic'] . '" />' : 'No Image';

With this:

    $image = (@getimagesize($r['display_pic']));
    echo ( is_array($image) ) ? '<img src="' . $r['display_pic'] . '" />' : 'No Image';
Posted

Yeah, I take this code:

    echo ($r['display_pic']) ? '<img src="' . $r['display_pic'] . '" />' : 'No Image';

and replace it with this one:

    $image = (@getimagesize($r['display_pic']));
    echo ( is_array($image) ) ? '<img src="' . $r['display_pic'] . '" />' : 'No Image';
Posted

For the preferences function, here is a quick one based off the MCCodes Lite version.

function pic_change()
{
    // The function reads $ir, $c and $userid, so they have to be pulled in as globals.
    global $ir, $c, $h, $userid;
    if (isset($_POST['newpic']))
    {
        if (empty($_POST['newpic']))
        {
            echo '<p>You did not enter a new profile picture in the requested box.</p>';
        }
        else if (!@getimagesize($_POST['newpic']))
        {
            echo '<p>You haven\'t posted a valid image URL.</p>';
        }
        else
        {
            // The value comes straight from the form: escape it before it goes into the query.
            $newpic = mysql_real_escape_string($_POST['newpic'], $c);
            mysql_query("UPDATE `users` SET `display_pic`='" . $newpic . "' WHERE `userid`=" . (int) $userid, $c);
            echo '<p>You have successfully changed your profile picture!</p>';
        }

        echo '<br />&gt; <a href="preferences.php?action=', __FUNCTION__, '">Back</a>';
    }
    else
    {
        // Escape the stored value when echoing it back into the input field.
        echo '<h3>Pic Change</h3>
<p>Please note that this must be externally hosted, <a href="http://imageshack.us">ImageShack</a> is our recommendation. Any images that are not 150x150 will be automatically resized to fit our requirements.</p>
<form action="preferences.php?action=', __FUNCTION__, '" method="post">
    New Pic: <input type="text" name="newpic" value="', htmlspecialchars($ir['display_pic'], ENT_QUOTES), '" />
    <br />
    <input type="submit" value="Change Picture" />
</form>';
    }
}
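The point raised in the first post is that the URL is only checked on the way in (preferences), so a value written straight into the database bypasses the check on the way out (viewuser). The added example below is mine, not MCCodes' code or anything posted in this thread: it puts the check in one function and applies it on both sides, stores the value with a prepared statement, and HTML-escapes it on output. It assumes a mysqli connection `$c`, the current user's id in `$userid`, and a `users` table with `userid` and `display_pic` columns; the function names `display_pic_is_valid`, `save_display_pic` and `display_pic_html` are my own.

```php
<?php
// Added example, not MCCodes' own code: one validator for the profile-picture URL,
// applied both when the value is saved (preferences) and when it is displayed
// (viewuser), so a row edited directly in phpMyAdmin is still filtered on output.
// Assumed (mine, not from the thread): mysqli connection $c, the user's id in
// $userid, and a `users` table with `userid` and `display_pic` columns.

// Returns true only for an http(s) URL that points at a real GIF, JPEG or PNG.
function display_pic_is_valid($url)
{
    if (!is_string($url) || $url === '' || strlen($url) > 255) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Reject data:, file:, javascript: and anything else that is not a web URL.
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    // getimagesize($url) makes the server fetch the URL with no size or time
    // limit; fetch at most 1 MiB with a 5 second timeout and inspect that instead.
    $ctx = stream_context_create(array('http' => array('timeout' => 5)));
    $data = @file_get_contents($url, false, $ctx, 0, 1024 * 1024);
    if ($data === false) {
        return false;
    }
    $info = @getimagesizefromstring($data);
    if (!is_array($info)) {
        return false;
    }
    return in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true);
}

// preferences.php side: validate, then store with a prepared statement so the
// URL never becomes part of the SQL text.
function save_display_pic(mysqli $c, $userid, $url)
{
    if (!display_pic_is_valid($url)) {
        return false;
    }
    $stmt = $c->prepare('UPDATE `users` SET `display_pic` = ? WHERE `userid` = ?');
    $stmt->bind_param('si', $url, $userid);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// viewuser.php side: re-check the stored value and HTML-escape it before output,
// so neither a non-image URL nor a quote character in it reaches the page as markup.
function display_pic_html($url)
{
    if (!display_pic_is_valid($url)) {
        return 'No Image';
    }
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="profile picture" />';
}
```

Re-fetching the image on every profile view is the simplest way to make the output-side check honest, but it costs an HTTP request per view; a cheaper variant is to store a `display_pic_ok` flag (a column I am assuming, not one MCCodes has) at save time and only escape on output. The escaping is the part that must never be skipped, whichever variant is used.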
Posted
yep I changed it myself

Was it a user thing or did you manage to do it? If it was a user, do you know how they did it? E.g. give the link in prefs, change what's on the end of that link. It's still giving a link in the new version, right?

  • 3 weeks later...
Posted

Found an issue with staff_special.php that wasn't allowing staff to update the user level.

So just replace these functions..

function userlevelform() {
    global $db, $ir, $c, $h, $userid;
    // A GET form drops the query string of its action attribute when submitted,
    // so the action is sent as a hidden field; otherwise staff_special.php
    // answers "This script requires an action".
    echo "
<h3>User Level Adjust</h3>
<form action='staff_special.php' method='get'>
<input type='hidden' name='action' value='userlevel' />
User: " . user_dropdown($c, 'ID') . "
<br />
User Level:
<br />
<input type='radio' name='level' value='1' /> Member
<br />
<input type='radio' name='level' value='2' /> Admin
<br />
<input type='radio' name='level' value='3' /> Secretary
<br />
<input type='radio' name='level' value='4' /> IRC Op
<br />
<input type='radio' name='level' value='5' /> Assistant
<br />
<input type='submit' value='Adjust' />
</form>
";
}
function userlevel() {
    global $db, $ir, $c, $h, $userid;
    // Whitelist the level. The form submits with GET, so the value is in $_GET,
    // not $_POST; an unknown or missing level becomes 0, which is rejected below
    // instead of being passed through unchanged.
    $_GET['level'] = ( isset($_GET['level']) && in_array((int) $_GET['level'], array(1, 2, 3, 4, 5), true) ) ? abs(intval($_GET['level'])) : 0;
    $_GET['ID'] = ( isset($_GET['ID']) && is_numeric($_GET['ID']) ) ? abs(intval($_GET['ID'])) : 0;
    if ( $_GET['level'] == 0 || $_GET['ID'] == 0 ) {
        echo 'Invalid user or level.<br />&gt; <a href="staff_special.php?action=userlevelform">Go Home</a>';
        die($h->endpage());
    }
    $d = $db->query("SELECT `userid`, `user_level` FROM `users` WHERE `userid` = " . $_GET['ID']);
    if ( $db->num_rows($d) == 0 ) {
        echo 'Invalid user.<br />&gt; <a href="staff_special.php?action=userlevelform">Go Home</a>';
        die($h->endpage());
    }

    // Both values are integers by now, so they can be interpolated safely.
    $db->query("UPDATE `users` SET `user_level` = {$_GET['level']} WHERE `userid` = {$_GET['ID']}");
    stafflog_add('Adjusted user ID ' . $_GET['ID'] . '\'s staff status.');
    echo 'User\'s level adjusted.<br />&gt; <a href="staff.php?action=stafflist">Go Home</a>';
    die($h->endpage());
}

 

Overwriting with this one should work fine..

Posted
I noticed this error too, but unfortunately your fix does not work. I still get the same error: "Error: This script requires an action". Any other idea on how to fix this error? I did a test by changing the two functions with the old ones in v2.0.2c and it worked like a charm, but that kind of defeats the purpose of the added security in v2.0.3.

Posted (edited)

Here is mine... I don't know if it'll work for you, but you can try.

function userlevel()
{
    global $db, $ir, $c, $h, $userid;
    // Cast to non-negative integers; a missing parameter becomes 0.
    $_GET['level'] = isset($_GET['level']) ? abs((int) $_GET['level']) : 0;
    $_GET['ID'] = isset($_GET['ID']) ? abs((int) $_GET['ID']) : 0;
    // Only the five levels offered by the form may be written; anything else
    // (including 0 from a missing value) is refused.
    if (!in_array($_GET['level'], array(1, 2, 3, 4, 5), true) || $_GET['ID'] == 0)
    {
        print "Invalid user or level.";
        die($h->endpage());
    }
    $db->query("UPDATE users SET user_level={$_GET['level']} WHERE userid={$_GET['ID']}");
    print "User's level adjusted.";
    stafflog_add("Adjusted user ID {$_GET['ID']}'s staff status.");
}

function userlevelform()
{
    global $db, $ir, $c, $h, $userid;
    // The action travels as a hidden field because a GET form discards the
    // query string of its action URL.
    print "<h3>User Level Adjust</h3>
<form action='staff_special.php' method='get'>
<input type='hidden' name='action' value='userlevel' />
User: " . user_dropdown($c, 'ID') . "<br />
User Level:<br />
<input type='radio' name='level' value='1' /> Member<br />
<input type='radio' name='level' value='2' /> Admin<br />
<input type='radio' name='level' value='3' /> Secretary<br />
<input type='radio' name='level' value='4' /> IRC Op<br />
<input type='radio' name='level' value='5' /> Assistant<br />
<input type='submit' value='Adjust' /></form>";
}

Edited by lucky3809
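The two userlevel posts above differ in how much they check before writing `user_level`. The added example below is mine, not MCCodes' code or either poster's: it separates the input check into a function with no database dependency, lets only the five levels the form offers through, verifies the target user exists, and uses prepared statements so the ids never appear in the SQL text. It also passes the action as a hidden field, which is what avoids the "This script requires an action" error with a GET form. Assumed (mine, not from the thread): a mysqli connection `$c`, `$ir` holding the acting staff member's row, `stafflog_add()` and `user_dropdown()` as in MCCodes, and level 2 ("Admin" in the form) being the level that may change levels; `allowed_user_levels` and `check_userlevel_input` are my own names.

```php
<?php
// Added example, not MCCodes' own code: the user-level adjustment with the checks
// a staff action should have. Assumed (mine): mysqli connection $c, $ir = acting
// staff member's row, stafflog_add()/user_dropdown() from MCCodes, and level 2
// (Admin) as the only level allowed to change levels.

// The five levels offered by the form, keyed by value; anything else is refused.
function allowed_user_levels()
{
    return array(1 => 'Member', 2 => 'Admin', 3 => 'Secretary', 4 => 'IRC Op', 5 => 'Assistant');
}

// Pure validation step, kept free of database calls so it can be tested alone.
// Returns an error string, or null when both values are acceptable.
function check_userlevel_input($id, $level)
{
    if (!ctype_digit((string) $id) || (int) $id < 1) {
        return 'Invalid user.';
    }
    if (!ctype_digit((string) $level) || !array_key_exists((int) $level, allowed_user_levels())) {
        return 'Invalid user level.';
    }
    return null;
}

function userlevelform()
{
    global $c;
    // A GET form discards the query string of its action URL, so the action is a
    // hidden field; radios are generated from the same list the handler accepts.
    $radios = '';
    foreach (allowed_user_levels() as $value => $label) {
        $radios .= "<input type='radio' name='level' value='$value' /> $label<br />\n";
    }
    echo "<h3>User Level Adjust</h3>
<form action='staff_special.php' method='get'>
<input type='hidden' name='action' value='userlevel' />
User: " . user_dropdown($c, 'ID') . "<br />
User Level:<br />
$radios<input type='submit' value='Adjust' /></form>";
}

function userlevel()
{
    global $c, $ir, $h;
    // Authorization first: only an Admin may change levels, and nobody changes their own.
    if ((int) $ir['user_level'] !== 2) {
        echo 'You do not have permission to do that.';
        die($h->endpage());
    }
    $id = isset($_GET['ID']) ? $_GET['ID'] : '';
    $level = isset($_GET['level']) ? $_GET['level'] : '';
    $err = check_userlevel_input($id, $level);
    if ($err === null && (int) $id === (int) $ir['userid']) {
        $err = 'You cannot change your own level.';
    }
    if ($err !== null) {
        echo htmlspecialchars($err, ENT_QUOTES, 'UTF-8')
            . '<br />&gt; <a href="staff_special.php?action=userlevelform">Go Back</a>';
        die($h->endpage());
    }
    $id = (int) $id;
    $level = (int) $level;

    // Existence check with a prepared statement: the id never enters the SQL text.
    $stmt = $c->prepare('SELECT `userid` FROM `users` WHERE `userid` = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if (!$exists) {
        echo 'Invalid user.<br />&gt; <a href="staff_special.php?action=userlevelform">Go Back</a>';
        die($h->endpage());
    }

    $stmt = $c->prepare('UPDATE `users` SET `user_level` = ? WHERE `userid` = ?');
    $stmt->bind_param('ii', $level, $id);
    $stmt->execute();
    $stmt->close();

    // Log what was set, not just that something changed, so the staff log is auditable.
    $levels = allowed_user_levels();
    stafflog_add("Set user ID $id to level $level ({$levels[$level]}).");
    echo 'User\'s level adjusted.<br />&gt; <a href="staff.php?action=stafflist">Go Home</a>';
    die($h->endpage());
}
```

`check_userlevel_input('7', '3')` returns null, while `check_userlevel_input('7', '9')`, `check_userlevel_input('abc', '1')` and `check_userlevel_input('', '')` each return an error string, which is the behaviour the original `in_array` line was meant to give before its `$_POST`/`$_GET` mix-up made it fall through.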
