Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
Dauthus
Worker
Worker


Joined: Oct 07, 2003
Posts: 211

PostPosted: Fri Aug 06, 2004 10:58 pm Reply with quote

Warning: eregi(): REG_BADRPT in /home/virtual/site1/fst/var/www/html/nuke/includes/sentinel.php on line 190

Every once in a while I receive this error message on the ban page across the top of the page. (Above the Sentinel Protected Banner)

It also lists the date blocked as:

Date Blocked: 1969-12-31 18:00:00

Heh, I was 6 years old back then.

Oh, yea. This is Sentinel version 2.0.0
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Fri Aug 06, 2004 11:15 pm Reply with quote

There is a full path disclosure exploit that uses the Search module to expose your path, which you have done. This is the error that you will receive. Try entering ** or + in your Search box and see if that trioggers it. If not, then look at your server logs to see if someone is trying to use the Search module with some funky search strings. It is an exploit though and Sentinel is letting you know it Wink
 
View user's profile Send private message
Dauthus
PostPosted: Fri Aug 06, 2004 11:24 pm Reply with quote

I tried the "+" and the "**" in the search string and it didn't trigger the ban page. I was using a string exploit to verify the string I was tying to block was being banned. That is how I ended up on the ban page.

Since this is doing what is is supposed to do, I will ignore the issue.

I am still a little confused about the date. All the ban pages say the exact same date. Whether it's a Union attack, or string attack. The date never changes.
 
Raven
PostPosted: Fri Aug 06, 2004 11:30 pm Reply with quote

I believe that only happens on a windows server or possibly on a windows browser. I can't remember which. Try searching Google on the date. There's alot of discussion on it. To suppress the message on the browser, you might try placing an @ before eregi, as in @eregi on line 190.
 
Dauthus
PostPosted: Fri Aug 06, 2004 11:47 pm Reply with quote

I have a Linux server. But am using IE 6.

I think there is some type of code to put in the htaccess file to supress the file path and/or hide the php error code. I will just have to find it.
 
Raven
PostPosted: Sat Aug 07, 2004 9:03 am Reply with quote

See this FAQ for suppressing certain types of warnings Only registered users can see links on this board! Get registered or login!

Using the @ sign is a different method for a different purpose Smile
 
Dauthus
PostPosted: Sat Aug 07, 2004 10:27 am Reply with quote

Got it. Thanks for the help
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©