| Author |
Message |
Ant
New Member
Joined: Dec 08, 2005
Posts: 24
Location: Sweden
|
 Posted:
Fri Aug 25, 2006 3:37 am |
|
Hi there,
I'm trying to install an Xfire module for my clan site so my members can put there Xfire names on it. When I run the install script:
[ Only registered users can see links on this board! Get registered or login! ] I get the "Install Xfire Module" and when I click it I get the "Black Screen of Death" saying i'm blocked and "You have attempted to bypass the Filter System on this site"!!! (Luckily being admin it dosen't block me) Is there anyway I can get this to work? |
| |
|
 
|
|
srhh
Involved
Joined: Dec 27, 2005
Posts: 296
|
| Posted:
Fri Aug 25, 2006 10:16 am |
|
I sometimes have that happen when I click on a new link submissions from my admin in Nuke. I noticed it has to do with the way the URL is being read; its does this double URL thing (i.e. mysite.com/nuke/sitei'mtryingtovisit.com) and sets off the filter warning.
Try clicking 'properties' on the "Install Xfire Module" and paste the URL from properties into your URL bar. That works for me, I don't know if it is what your problem is, but is worth a try. |
_________________
Windows XP crashed.
I am the Blue Screen of Death.
No one hears your screams.
----------------------------------------
Yesterday it worked.
Today it is not working.
Windows is like that. |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sat Aug 26, 2006 12:54 am |
|
This might be an issue with the use of double http.
Some modules not following the current 'security' way of thinking.
When you click the installer do you see [ Only registered users can see links on this board! Get registered or login! ] your site.com... [ Only registered users can see links on this board! Get registered or login! ] somethingelse.com |
| |
|
|
|
Ant
|
| Posted:
Sat Aug 26, 2006 1:35 am |
|
Hi there and thanks for replying.
I've looked at the properties srhh and theres nothing there, just says install-xfire.php.
Guardian, no its single mate. When I click on install xfire mod and I get the black screen of death its: h**p://my-site.com/install-xfire.php?cmd=install |
Last edited by Ant on Sat Aug 26, 2006 2:11 am; edited 1 time in total |
|
|
|
|
Guardian2003
|
| Posted:
Sat Aug 26, 2006 1:44 am |
|
Ah thats why. It the cmd - its a banned string as it is commonly used in cross site scripting (XSS) attacks.
You would need to temporarily comment out the include/nukesentinel.php in mainfile.php to run that installer but it would be worth checking the script files to see if they are using that syntax anywhere else.
If they are, the script is not going to work anyway whilst Sentinel is installed. |
| |
|
|
|
|
Ant
|
| Posted:
Sat Aug 26, 2006 2:16 am |
|
Thanks Guardian for the prompt reply.
I think i'll leave it off my site, The security of my clan site is more important mate! Besides, there are other ways my members could put up their Xfire names, like in the forum.
Thanks once again for you're help
ANT |
| |
|
|
|
|
Guardian2003
|
| Posted:
Sat Aug 26, 2006 2:17 am |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Aug 28, 2006 11:09 am |
|
|
|
|
|
Guardian2003
|
| Posted:
Mon Aug 28, 2006 12:00 pm |
|
Actualy, yes that would work as Sentinel looks for the sequence c m d = so changing all references as Evaders suggested to cmd2= should get you working.
I checled a couple of the regular sites I visit and couldn't find any vulnerabilities listed for that script which have not been addressed. |
| |
|
|
|
|
Ant
|
| Posted:
Mon Aug 28, 2006 11:45 pm |
|
Thanks guys its worked!!
I changed the references as you said evaders to cmd2 and it installed no problem, then deleted the file.
Thanks also Guardian for checking for any vulnerabilities with this script, this should keep my "brood" happy!! |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
