Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
jonathan9473
New Member
New Member


Joined: Nov 22, 2007
Posts: 10

PostPosted: Thu Nov 22, 2007 7:57 am Reply with quote

Hi
Im having alot of issues with the core file edits
I was wondering if anyone would give me a link to downloading
main.php
index.php
admin.php
I not sure how much of a security risk that is, i just want to get sentiel installation behind me.Ive spent at least a day trying to do it. and it keeps saying i have syntax error in my core edit files. Cool If anyone can help me please post
 
View user's profile Send private message
jonathan9473
PostPosted: Thu Nov 22, 2007 8:20 am Reply with quote

If downloading is a problem I would like to show what i am working with. Wich currently has errors.
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:23 am Reply with quote

step 1 Main File.php line 85
===============================================

#-----[ FIND ]------------------------------------------
#
if(defined('FORUM_ADMIN')) {
define('INCLUDE_PATH', '../../../');
} elseif(defined('INSIDE_MOD')) {
define('INCLUDE_PATH', '../../');
} else {
define('INCLUDE_PATH', './');
}

@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");

#
#-----[ AFTER ADD ]------------------------------------------
#
@require_once(INCLUDE_PATH."includes/nukesentinel.php");
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:29 am Reply with quote

notice where i add nuke senteniel .php. For some reason if i ad it after
require_once("../../db/db.php");
I get A blank page

also I didn't add an @ sign as well In fornt of
require_once(INCLUDE_PATH."includes/nukesentinel.php");

--------------------------------------------------------------------------------------------------------
if (defined('FORUM_ADMIN')) {
require_once(INCLUDE_PATH."includes/nukesentinel.php");
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (defined('INSIDE_MOD')) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}
-----------------------------------------------------------------------------------------------------------
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:35 am Reply with quote

Step 2 Union Tap mainfile.php
===============================================

//Union Tap
//Copyright Zhen-Xjell 2004 Only registered users can see links on this board! Get registered or login!
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:37 am Reply with quote

I Completely Deleted the following from My MainFile.php
===================================================
//Union Tap
//Copyright Zhen-Xjell 2004 Only registered users can see links on this board! Get registered or login!
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:39 am Reply with quote

line 490 Mainfile.php

========================================
in function function online() {
#
#-----[ FIND ]------------------------------------------
function online() {
global $user, $cookie, $prefix, $db;
$ip = $_SERVER['REMOTE_ADDR'];

#
#-----[ CHANGE TO ]------------------------------------------
#
function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:41 am Reply with quote

490-509 mainfile.php
==================================================
function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}
$past = time()-3600;
$db->sql_query("DELETE FROM ".$prefix."_session WHERE time < '$past'");
$result = $db->sql_query("SELECT time FROM ".$prefix."_session WHERE uname='$uname'");
$ctime = time();
if ($uname!="") {
$uname = substr("$uname", 0,25);
if ($row = $db->sql_fetchrow($result)) {
$db->sql_query("UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'");
} else {
$db->sql_query("INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')");
}
}
}
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:51 am Reply with quote

I completely deleted this line as well and thats all the edits i did to mainfile.php
===========================================
if (!defined('ADMIN_FILE')) {
foreach ($_GET as $sec_key => $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
 
jonathan9473
PostPosted: Thu Nov 22, 2007 8:54 am Reply with quote

If anyone can see an error in my script please reply
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©