Author |
Message |
thebishop
Worker
Joined: Aug 30, 2005
Posts: 244
Location: Flying to close to the sun
|
Posted:
Tue Nov 28, 2006 8:15 pm |
|
Running nuke 7.6-3.3 bbtonuke 2.0.21,
I have just completed a fresh install of NS NukeSentinel_2503_70-80 and everything seems to have went well.
I have done all of the core edits and CGI auth is working but after having configured all of the blocker settings to email,block & forward I am not getting blocked nor forwarded to the abuse.html.
Any thoughts on why this isn't working. |
|
|
|
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
Posted:
Tue Nov 28, 2006 8:45 pm |
|
Are you logging out as Admin when you try to get banned? |
_________________ PC Sympathy |
|
|
|
thebishop
|
Posted:
Wed Nov 29, 2006 2:20 am |
|
yes, I log out, i clear my browser of everything then i use the following to test NS.
[ Only registered users can see links on this board! Get registered or login! ]
all it does is direct me to the login box.
when i point my browser to [ Only registered users can see links on this board! Get registered or login! ] i get the PC killer pop up flood, so i know thats were its supposed to be.
for some reason NS isn't detecting the union hack attempt. |
|
|
|
|
FireATST
RavenNuke(tm) Development Team
Joined: Jun 12, 2004
Posts: 654
Location: Ohio
|
Posted:
Wed Nov 29, 2006 6:45 am |
|
your ip doen't happen to be in the protected range does it? |
|
|
|
|
thebishop
|
Posted:
Wed Nov 29, 2006 1:18 pm |
|
no i have no ips in the protected range. |
|
|
|
|
manunkind
|
Posted:
Wed Nov 29, 2006 2:41 pm |
|
Double check your mainfile.php edit? |
|
|
|
|
thebishop
|
Posted:
Wed Nov 29, 2006 5:15 pm |
|
manunkind, done that already. everything seems to be correct. |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Wed Nov 29, 2006 5:25 pm |
|
I don't think that is something that will even "pick up" because it really isn't a valid GET string. I wonder if nuke (apache or the browser) is chopping off what you have after the "&" sign. Try using a valid variable name after the "&" and embed the union string in it and see if you get it. |
_________________ Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
|
|
thebishop
|
Posted:
Wed Nov 29, 2006 5:32 pm |
|
try to use a what with who and how. your talking a different language now Montego. |
|
|
|
|
montego
|
Posted:
Wed Nov 29, 2006 5:36 pm |
|
For example, maybe try something like this:
[ Only registered users can see links on this board! Get registered or login! ]
followed by your union exploit... |
|
|
|
|
thebishop
|
Posted:
Wed Nov 29, 2006 5:51 pm |
|
nope, it still just takes me to the user login page.
thanks for the suggestion though |
|
|
|
|
|