Ravens PHP Scripts: Forums
 

 

sharlein
Member Emeritus



Joined: Nov 19, 2002
Posts: 322
Location: On the Road

Posted: Mon Feb 09, 2004 1:34 pm

Raven, is this script designed to work with 6.5? I have tried both lines added to the mainfile, one on each site, no luck. Thank you, Steve

_________________
Give Me Ambiguity Or Give Me Something Else! 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Mon Feb 09, 2004 2:52 pm

Yes. It shouldn't matter. It's not a nuke script - it's php.
 
Raven

Posted: Mon Feb 09, 2004 2:58 pm

I just tried it with this and it worked. It is very slow though [ Only registered users can see links on this board! Get registered or login! ]


Last edited by Raven on Mon Feb 09, 2004 10:58 pm; edited 1 time in total 
sharlein

Posted: Mon Feb 09, 2004 3:34 pm

I just tried it with your link, it worked. Thank you.
 
Raven

Posted: Mon Feb 09, 2004 3:42 pm

What was the link you were trying that wasn't working? Maybe there's a bug?
 
sharlein

Posted: Mon Feb 09, 2004 3:43 pm

Raven, you are a lifesaver. Do you remember that blackmail attempt we talked about? I just received 5 hack attempts from the same person. I will forward them so you can see them. I would like to get this guy if we can. I can't thank you enough - Steve
 
Raven

Posted: Mon Feb 09, 2004 3:49 pm

Well, you got me. That's my IP. Send in the clowns. I'm caught. Chat, the site's yours Laughing
 
sharlein

Posted: Mon Feb 09, 2004 3:59 pm

Laughing Laughing Laughing I better remove you from my banned list. The script worked perfectly. I highly recommend it to anyone and everyone! Very Happy Steve
 
Raven

Posted: Mon Feb 09, 2004 4:20 pm

Thank you Rolling Eyes Laughing
 
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

Posted: Mon Feb 09, 2004 4:24 pm

Raven, you have the right to remain silent, anything you say can and will be used against you...
Cuff him Sharlein.
 
Raven

Posted: Mon Feb 09, 2004 4:35 pm

Image
 
sharlein

Posted: Mon Feb 09, 2004 6:28 pm

Embarassed
 
Lateron
Worker

Joined: May 10, 2003
Posts: 119
Location: Katoomba, NSW, Australia.

Posted: Mon Feb 09, 2004 10:35 pm

Raven,

May I suggest you change Sharlein's URL in the third message from the top to yourdomain.com or something?

I have just installed the hack and went to copy the URL to test my site and before I could change domain name to mine, the URL had been actioned and I got the hack page and Sharlein would have got a worrying email.

Thanks, Raven.

Cheers,
Ron...
 
paranor
Worker

Joined: Aug 28, 2003
Posts: 227

Posted: Tue Feb 10, 2004 7:55 pm

This alert was for reviews and news. What link is this for then?

[ Only registered users can see links on this board! Get registered or login! ]


Hey Sharlein - GO PACKERS! Smile
 
Raven

Posted: Tue Feb 10, 2004 8:02 pm

That code traps it all.
 
paranor

Posted: Tue Feb 10, 2004 8:10 pm

You mean test it? I *just* noticed it's the same as what's in your install document in the hackattempt.php program.

Speaking of that, the install document has a "/php/" in the URL. I had to remove that to test it. Typo?
 
Raven

Posted: Tue Feb 10, 2004 8:14 pm

If you put that code in mainfile.php it will trap all of the 'union' exploits.

Yes, the php is a leftover. I will fix it.
 
Ronin
New Member

Joined: Jul 30, 2003
Posts: 8

Posted: Wed Feb 11, 2004 6:28 pm

Hi guys,

Here's the top of my mainfile.php:
Code:
<?php


if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) header("Location: hackattempt.php/");


If I browse to mydomain.com/hackattempt.php I see the warning and get an email. However I can't seem to trigger it with my URL and the path shown in the INSTALL file:

Quote:
http://www.DOMAIN.COM/modules.php?name=Web_Links&l_op=viewlink&cid=1%20union%20select



Any ideas? This is a nuke6.5 machine.

Cheers,
Ronin


Last edited by Ronin on Wed Feb 11, 2004 6:45 pm; edited 1 time in total 
Raven

Posted: Wed Feb 11, 2004 6:39 pm

Try removing the trailing slash.
 
Ronin

Posted: Wed Feb 11, 2004 6:45 pm

Bingo!

Thanks Raven
 
qdog
New Member

Joined: Feb 12, 2004
Posts: 9

Posted: Thu Feb 12, 2004 10:25 am

Raven,

First thanks for another great script!!!

Next a quick question...

I have tried:
header("Location: hackattempt.php/")
header("Location: hackattempt.php")

And get page not found.

It works when I change it to this:
header("Location: [ Only registered users can see links on this board! Get registered or login! ]")

Any problems with doing this?
 
Raven

Posted: Thu Feb 12, 2004 10:35 am

None at all. It is browser dependent and the fully qualified url is the RFC standard anyway Wink
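
Added example (not part of the thread and not Raven's script): a sketch of the mainfile.php trap discussed above that decodes the query string before matching, sends a fully qualified Location with no trailing slash, and stops the script after the redirect. SITE_URL, the function names and the sample query strings are assumptions constructed for illustration.

```php
<?php
// Added example, not Raven's script. SITE_URL, the function names and the
// sample query strings are assumptions made for illustration.
const SITE_URL = 'http://www.example.com'; // placeholder for your site's base URL

// QUERY_STRING arrives still URL-encoded, so a test for the literal text
// '%20union%20' sees only one spelling of the space. Decode first, then match.
function looks_like_union_probe(string $rawQuery): bool
{
    $decoded = urldecode($rawQuery);                 // %20 and + both become ' '
    $decoded = preg_replace('/\s+/', ' ', $decoded); // collapse whitespace runs
    return preg_match('/\bunion (all )?select\b/i', $decoded) === 1;
}

// Fully qualified redirect target, with no trailing slash after the file name.
function trap_location(): string
{
    return rtrim(SITE_URL, '/') . '/hackattempt.php';
}

if (PHP_SAPI !== 'cli') {
    // Top of mainfile.php: header() alone does not end the script, so exit
    // to keep the rest of the page (and its SQL) from running.
    if (looks_like_union_probe($_SERVER['QUERY_STRING'] ?? '')) {
        header('Location: ' . trap_location());
        exit;
    }
} else {
    // Run from the command line to check the constructed samples below.
    $samples = [
        'name=Web_Links&l_op=viewlink&cid=1%20union%20select' => true,  // INSTALL test path
        'name=Web_Links&l_op=viewlink&cid=1+union+select'     => true,  // same request, + for the space
        'name=News&file=article&sid=42'                       => false,
        'name=Search&query=credit%20union'                    => false, // ordinary word
    ];
    foreach ($samples as $qs => $expected) {
        $verdict = looks_like_union_probe($qs) === $expected ? 'ok' : 'MISMATCH';
        printf("%-52s %s\n", $qs, $verdict);
    }
    echo trap_location(), "\n";
}
```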
 
qdog

Posted: Thu Feb 12, 2004 10:39 am

Cool, thanks for the quick reply Very Happy
 
Lateron

Posted: Fri Feb 13, 2004 4:17 am

Raven,

I got past the page not found error by using:

header("Location: [ Only registered users can see links on this board! Get registered or login! ]")

However now I am getting:

Unable to query WhoIs information for 203.xxx.xxx.xxx.

I have had several union attacks today and they were stopped by Protector but I would like to get your system working.

Cheers,
Ron....
 
Raven

Posted: Fri Feb 13, 2004 5:52 am

Send me the actual IP and I will check into it.
 
All times are GMT - 6 Hours
 