dork-e.com » Exponent registration bug patcher

Home > Linux, Servers > Exponent registration bug patcher

Exponent registration bug patcher

May 3rd, 2011 Ron Leave a comment Go to comments

In response to a recent ExponentCMS security vulnerability which allows a cross-site script injection to allow anybody to create a new admin user, I’ve written the following script that will automatically apply the necessary patch.
Suggested usage:


find /home/*/public_html/framework/datatypes -name user.php -exec python fixRegBug.py {} \;


#!/usr/bin/env python
# encoding: utf-8
"""
fixRegBug.py

Created by Ron Miller on 2011-05-03.
Copyright (c) 2011 Youcentric Solutions. All rights reserved.
"""

import sys
import os

def main():
	if sys.argv[1] is None:
	    print "Please specify path to user.php"
	    exit(255)
	oldfile = open(sys.argv[1], "r")
	newfile = open(os.path.join(os.path.dirname(sys.argv[1]), "user.new.php"), "w")
	for line in oldfile:
	    if "if(isset($params['is_admin']) || isset($params['is_acting_admin'])) $this->checkAdminFlags();" in line:
	        line = "\t$this->checkAdminFlags();"
	        newfile.write(line)
	        newfile.flush()
	        print "Found and fixed vulnerability in %s" % sys.argv[1]
	    else:
	        newfile.write(line)
	        newfile.flush()

	newfile.close()
	oldfile.close()
	os.rename(sys.argv[1], os.path.join(os.path.dirname(sys.argv[1]), "user.old.php"))
	os.rename(os.path.join(os.path.dirname(sys.argv[1]), "user.new.php"), sys.argv[1])

if __name__ == '__main__':
	main()

Be Sociable, Share!

Tweet

Categories: Linux, Servers Tags:

Comments (0) Trackbacks (0) Leave a comment Trackback

No comments yet.

No trackbacks yet.

The Battle of Veridian III My iPhone

dork-e.com is Stephen Fry proof thanks to caching by WP Super Cache