Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
BlueLion
New Member
New Member


Joined: Aug 10, 2004
Posts: 12

PostPosted: Sat Oct 22, 2005 5:59 am Reply with quote

PHP-Nuke 7.6pl3.1
Location: Only registered users can see links on this board! Get registered or login!
Problem: When checking out one of the listed URL's PHP-Nuke comes up with: "Illegal Operation".
URL: Only registered users can see links on this board! Get registered or login!


I've looked into the /mainfile.php where this part is blocking the operation:

Code:
// Additional security (Union, CLike, XSS)

if(!file_exists('includes/nukesentinel.php')) {
  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
    $queryString = $_SERVER['QUERY_STRING'];
    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
      die('Illegal Operation');
    }
  }
}


And in particular this part:

Code:
OR stripos_clone($queryString,'http://')


One site runs Sentinel and the problem has never occured on that pages, but locally and on sites where sentinel isn't installed it will look for this part of code, because of this line:

Code:
if(!file_exists('includes/nukesentinel.php'))


When stripping out this

Code:
OR stripos_clone($queryString,'http://')


the referer can be checked with this URL: Only registered users can see links on this board! Get registered or login!

Questions:
Is it save to remove the following?
Code:
OR stripos_clone($queryString,'http://')


Any other suggestion to get this solved, except installing Sentinel?
Is sentinel not checking this?


BlueLion
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat Oct 22, 2005 6:51 am Reply with quote

That is a tough call. That referer line is how one can easily get redirected to a bad page, but at the same time many legitimate applications use that type syntax. You, as webmaster, have to make that call.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©