Hari sadu

## hb-test.py
#!/usr/bin/env python2

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select

## database_update.php
<?php
		case '3.0.10':
			// Updates users having current style a deactivated one
			$sql = 'SELECT style_id
					FROM ' . STYLES_TABLE . '
					WHERE style_active = 0';
			$result = $db->sql_query($sql);

			$deactivated_style_ids = array();
			while ($temp_style_id = $db->sql_fetchfield('style_id', false, $result))

## database_update.php
<?php
		// Changes from 3.0.10 to 3.0.11-RC1
		case '3.0.10':
			// Updates users having current style a deactivated one
			$sql = 'SELECT style_id
					FROM ' . STYLES_TABLE . '
					WHERE style_active = 0';
			$result = $db->sql_query($sql);

			while($temp = $db->sql_fetchfield('style_id', false, $result))

## lol.php
<?php

			$sql = 'SELECT style_id
					FROM ' . STYLES_TABLE . '
					WHERE style_active = 0';
			$result = $db->sql_query($sql);

			while($temp = $db->sql_fetchfield('style_id', false, $result))
			{
				if($temp)

## gist:2312236
UPDATE phpbb_users
SET style_id = DEFAULT_STYLE
INNER JOIN phpbb_styles
ON phpbb_users.style_id = phpbb_styles.style_id AND phpbb_styles.style_active = 0

## lol.php
<?php
$sql = 'UPDATE ' . USERS_TABLE . '
		SET style_id = ' . $config['default_style'] . '
		WHERE user_id IN(
			SELECT user_id
				FROM ' . USERS_TABLE . '
				WHERE style_id IN (
					SELECT style_id
						FROM ' . STYLES_TABLE . '
						WHERE style_active = 0))';

## a.php.diff
diff --git a/a/a.php b/b/a.php
index a787317..e24a541 100644
--- a/a/a.php
+++ b/b/a.php
@@ -1,7 +1,7 @@
 //from ucp_prefs.php
 if ($submit)
 				{
-					$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
+					$data['style'] = ($config['override_user_style']) ? $config['default_style'] : ((!style_select('', false, $data['style'])) ? $data['style'] : ((int) $user->data['user_style']));

## tabfix.html
<style>

.tab-fix h2 {
  float: left;
}

.tab-fix #minitabs {
  float: right;
}

## core.diff
diff --git a/a/core.js b/b/core.js
index c41edfa..3c04d2c 100644
--- a/a/core.js
+++ b/b/core.js
@@ -441,5 +441,22 @@ phpbb.add_ajax_callback('alt_text', function(data) {
 	el.text(alt_text);
 });

+$(document).ready(function(){
+
	#!/usr/bin/env python2

	# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
	# The author disclaims copyright to this source code.

	import sys
	import struct
	import socket
	import time
	import select
	<?php
	case '3.0.10':
	// Updates users having current style a deactivated one
	$sql = 'SELECT style_id
	FROM ' . STYLES_TABLE . '
	WHERE style_active = 0';
	$result = $db->sql_query($sql);

	$deactivated_style_ids = array();
	while ($temp_style_id = $db->sql_fetchfield('style_id', false, $result))
	<?php
	// Changes from 3.0.10 to 3.0.11-RC1
	case '3.0.10':
	// Updates users having current style a deactivated one
	$sql = 'SELECT style_id
	FROM ' . STYLES_TABLE . '
	WHERE style_active = 0';
	$result = $db->sql_query($sql);

	while($temp = $db->sql_fetchfield('style_id', false, $result))
	UPDATE phpbb_users
	SET style_id = DEFAULT_STYLE
	INNER JOIN phpbb_styles
	ON phpbb_users.style_id = phpbb_styles.style_id AND phpbb_styles.style_active = 0
	<?php
	$sql = 'UPDATE ' . USERS_TABLE . '
	SET style_id = ' . $config['default_style'] . '
	WHERE user_id IN(
	SELECT user_id
	FROM ' . USERS_TABLE . '
	WHERE style_id IN (
	SELECT style_id
	FROM ' . STYLES_TABLE . '
	WHERE style_active = 0))';
	diff --git a/a/a.php b/b/a.php
	index a787317..e24a541 100644
	--- a/a/a.php
	+++ b/b/a.php
	@@ -1,7 +1,7 @@
	//from ucp_prefs.php
	if ($submit)
	{
	- $data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
	+ $data['style'] = ($config['override_user_style']) ? $config['default_style'] : ((!style_select('', false, $data['style'])) ? $data['style'] : ((int) $user->data['user_style']));
	<style>

	.tab-fix h2 {
	float: left;
	}

	.tab-fix #minitabs {
	float: right;
	}
	diff --git a/a/core.js b/b/core.js
	index c41edfa..3c04d2c 100644
	--- a/a/core.js
	+++ b/b/core.js
	@@ -441,5 +441,22 @@ phpbb.add_ajax_callback('alt_text', function(data) {
	el.text(alt_text);
	});

	+$(document).ready(function(){
	+