V1.7 MODULE TO FIX VULNERABILITY GHSA-6xxj-gcjq-wgf4 (AFFECTED PS 1.7.5.0 -> 1.7.8.1)

d-shilko

Well-known member
☆☆ Special ☆☆
☆ Pro ☆
Joined
Jun 10, 2021
Messages
2,542
Reaction score
1,536
Points
113
NullCash
4,168
I'm pretty sure there is no patch at all..
Stronzodicane made this patch by himself (I'll not spend nullcash to see what it contains) I guess it's the 2 or 3 modified php files you need to replace in the dedicated directories.
It is the simply patch. I UNDERSTAND HOW IT WORK. I WROTE THE SIMILAR PATCHES MANY TIMES. I try to find community where that the guys always has fresh information regarding PS ;)
 
Last edited:

djpremiere

Member
XNullUser
Joined
Dec 28, 2020
Messages
376
Reaction score
10
Points
18
NullCash
29
I'm pretty sure there is no patch at all..
Stronzodicane made this patch by himself (I'll not spend nullcash to see what it contains) I guess it's the 2 or 3 modified php files you need to replace in the dedicated directories.
 

d-shilko

Well-known member
☆☆ Special ☆☆
☆ Pro ☆
Joined
Jun 10, 2021
Messages
2,542
Reaction score
1,536
Points
113
NullCash
4,168
I'm pretty sure there is no patch at all..
Stronzodicane made this patch by himself (I'll not spend nullcash to see what it contains) I guess it's the 2 or 3 modified php files you need to replace in the dedicated directories.
I have downloaded this patch, research and used on all my sites. I very good understand how it work. I guesses Stronzodicane not developed this patch because it has highly qualified(level) code.
 
Last edited:

xiketo

Member
XNullUser
Joined
Oct 22, 2020
Messages
150
Reaction score
1
Points
18
NullCash
22
Thank you!
Post automatically merged:

Thank you!
 

chibi

Well-known member
Diamond
Elite
XNullUser
Joined
Aug 12, 2021
Messages
148
Reaction score
346
Points
63
NullCash
1,078
I'm pretty sure there is no patch at all..
Stronzodicane made this patch by himself (I'll not spend nullcash to see what it contains) I guess it's the 2 or 3 modified php files you need to replace in the dedicated directories.

Index.php :

PHP:
<?php
/**
* Modulo CVE-2021-43789
*
* @author       Giuseppe Tripiciano <admin@areaunix.org>
* @copyright    Copyright (c) 2021 Giuseppe Tripiciano
* @license      You cannot redistribute or resell this code.
*/

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

header("Location: ../");
exit;


fixcve202143789.php :

Forum don't allow more than 5000 characters : LINK

Capture d’écran de 2022-01-02 08-47-31.png

Capture d’écran de 2022-01-02 09-00-42.png


It's a real module.
 
Last edited:

stronzodicane

Active member
Elite
XNullUser
Joined
Dec 13, 2021
Messages
37
Reaction score
197
Points
33
NullCash
1,030
I'm pretty sure there is no patch at all..
Stronzodicane made this patch by himself (I'll not spend nullcash to see what it contains) I guess it's the 2 or 3 modified php files you need to replace in the dedicated directories.
that's is ! A simple module to close this vulnerability... I realized the code using the detail for this specific fix (github)
 

personalkiwi

Member
XNullUser
Joined
Dec 5, 2021
Messages
185
Reaction score
0
Points
16
Location
Napoli
Website
www.pianetasvapo.com
NullCash
348
Funziona davvero, allora?
Post automatically merged:

Provato e con store commander non segnala problemi di vulnerabilità
 
Last edited:
Top