| Author |
Message |
Ariannus
New Member
Joined: Nov 23, 2004
Posts: 4
|
 Posted:
Tue Nov 23, 2004 1:55 pm |
|
I am trying to comment out the "Union Tap" code as it says to in the NukeSentinel instructions. However in phpnuke 7.5 I can't find the code. I think it has been modified and I don't know what all I have to remove from mainfile.php and admin.php. |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Tue Nov 23, 2004 3:42 pm |
|
If it's not in there then don't worry about it. |
| |
|
|
|
|
Ariannus
|
| Posted:
Tue Nov 23, 2004 5:45 pm |
|
Well it is there but it looks like it has been modified since the instructions were writter and I don't know what all I have to remove now. |
| |
|
|
|
|
Raven
|
| Posted:
Tue Nov 23, 2004 5:57 pm |
|
Post here the top 20 lines or so, after the comments. |
| |
|
|
|
|
Ariannus
|
| Posted:
Wed Nov 24, 2004 6:27 pm |
|
Here is the mainfile.php
| Quote: | //Union Tap
//Copyright Zhen-Xjell 2004 [ Only registered users can see links on this board! Get registered or login! ]
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: index.php");
$phpver = phpversion();
if ($phpver >= '4.0.4pl1' && strstr($HTTP_USER_AGENT,'compatible')) {
if (extension_loaded('zlib')) {
ob_end_clean();
ob_start('ob_gzhandler');
}
} else if ($phpver > '4.0') {
if (strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip')) {
if (extension_loaded('zlib')) {
$do_gzip_compress = TRUE;
ob_start();
ob_implicit_flush(0);
//header('Content-Encoding: gzip');
}
}
}
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
if(isset($admin))
{
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}
|
admin.php
| Quote: | if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {
die("Illegal Operation");
}
$checkurl = $_SERVER['REQUEST_URI'];
if ((preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
echo "die";
exit;
}
require_once("mainfile.php");
get_lang(admin);
function create_first($name, $url, $email, $pwd, $user_new) {
global $prefix, $db, $user_prefix;
$first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
if ($first == 0) {
$pwd = md5($pwd);
$the_adm = "God";
$db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '1', '')");
if ($user_new == 1) {
$user_regdate = date("M d, Y");
$user_avatar = "gallery/blank.gif";
$commentlimit = 4096;
if ($url == "http://") { $url = ""; }
$db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_l$
}
login();
}
}
|
|
| |
|
|
|
|
chatserv
Member Emeritus
Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
|
| Posted:
Wed Nov 24, 2004 7:52 pm |
|
Code://Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}
|
|
| |
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
