Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)
Author Message
blith
Client



Joined: Jul 18, 2003
Posts: 977

PostPosted: Tue Nov 16, 2004 7:50 am Reply with quote

One of my registered members got this one:
Code:
www.gamersroam.com/modules.php?name=Downloads&d_op=gfx&random_num=givlexec

I use the fetchit mod that is used here so I am not sure why I am getting it. Thanks for the help.
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Tue Nov 16, 2004 8:05 am Reply with quote

My guess it's the 'exec' at the end. In includes/sentinel.php, on or about line 201, change this
Code:
  if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring)) {

    block_ip($ip, $banuser, $bantime, $blocker_row);
to
Code:
  if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring)) /*OR (eregi("exec",$querystring) AND !eregi("execu",$querystring))*/ OR eregi("concat",$querystring)) {

    block_ip($ip, $banuser, $bantime, $blocker_row);


And see if that fixes it. Note that commenting that out will not hurt anything because in order to use 'exec' as an attack, other things are used that get trapped.
 
View user's profile Send private message
blith







PostPosted: Tue Nov 16, 2004 8:09 am Reply with quote

ah... that is why it only happens every so often... I bet that unfortunate letter combination came up in all of them. Thank you Raven!
 
drmike
Worker
Worker



Joined: Jul 15, 2004
Posts: 108
Location: Charlotte, NC

PostPosted: Wed Mar 23, 2005 10:43 am Reply with quote

Greets:

I just installed the Gallery here and kept getting the block messages when I tried to do anything with it with a string that contained the "?cmd" line.

I just went ahead and deleted out the cmd stuff out of the sentinel.php file as it appeared the edits did not work for me.

Should I be concerned about being open now?

Thanks,
-drmike

_________________
The Daria - Jane Conspiracy 
View user's profile Send private message Visit poster's website ICQ Number
dcasmr
Worker
Worker



Joined: Feb 06, 2004
Posts: 147

PostPosted: Fri Apr 08, 2005 12:04 am Reply with quote

I am having the same problem with sentinel 2.1.3 and Gallery 1.4.4pl4 I used the suggested fixed, however, as soon as I logging and try to highlight a photo, I am banned. Santy worms block of codes have been removed also.

Any other suggestions?

Thanks,
dcasmr
 
View user's profile Send private message
Raven







PostPosted: Fri Apr 08, 2005 10:47 pm Reply with quote

dcasmr wrote:
I am having the same problem with sentinel 2.1.3 and Gallery 1.4.4pl4 I used the suggested fixed, however, as soon as I logging and try to highlight a photo, I am banned. Santy worms block of codes have been removed also.

Any other suggestions?

Thanks,
dcasmr
What is the reason that NukeSentinel is recording as the ban?
 
dcasmr







PostPosted: Sat Apr 09, 2005 1:49 am Reply with quote

Raven:
Thanks for your reply:

It is: modules.php?cmd=hide&index=1&set_albumName=testit=modload&name=gallery&file=index&include=do_command.php

I read thru your previous answers and since my blocked message has ?cmd I used this:


if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("?cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring)) {
block_ip($ip, $banuser, $bantime, $blocker_row);
}
}

however, I am still getting banned the photo cannot be used to Highlight.

Thanks,
dcasmr




?cmd=hide&index=1&set_albumName=
 
Raven







PostPosted: Sat Apr 09, 2005 5:31 am Reply with quote

Comment
Code:
if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("?cmd",$querystring)) OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring))
to
Code:
if (eregi("http\:\/\/", $name)/* OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("?cmd",$querystring))*/ OR (eregi("exec",$querystring) AND !eregi("execu",$querystring)) OR eregi("concat",$querystring))
 
dcasmr







PostPosted: Tue Apr 12, 2005 8:51 pm Reply with quote

Thanks Raven. That did it. If anyone try that fix and still get a "hidden.." gallery message, just update to gallery 1.5.X . The above code corrected my highlight problem.

Thanks again Raven
 
opcode
New Member
New Member



Joined: Oct 14, 2006
Posts: 1

PostPosted: Mon Jun 04, 2007 7:12 pm Reply with quote

I wouldn't comment it out.

I would recode the gallery code to not use "cmd".
 
View user's profile Send private message
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Tue Jun 05, 2007 5:43 am Reply with quote

opcode, what you are suggesting may not be as easy at it seems. There are other threads here which also suggest an alteration of the code rather than commenting it out. I believe it also checked for the module name of "Gallery" and only excluded the "cmd" check if that module was being requested at that time.

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©