Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Lateron
Worker
Worker


Joined: May 10, 2003
Posts: 119
Location: Katoomba, NSW, Australia.

PostPosted: Mon Mar 29, 2004 3:48 pm Reply with quote

This was posted by djmaze at nukecops:

Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Mon Mar 29, 2004 3:56 pm Reply with quote

Laughing I was just posting Chatserv's fix here.

In admin.php find this code
Code:
function deleteNotice($id, $table, $op_back) {

    global $db;
    $db->sql_query("DELETE FROM $table WHERE id = '$id'");
    Header("Location: admin.php?op=$op_back");
}
and change it to
Code:
function deleteNotice($id) { 

    global $prefix, $db;
    $id = intval($id);
    $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
    Header("Location: admin.php?op=reviews");
}

and find in the same file:
Code:
case "deleteNotice": 

   deleteNotice($id, $table, $op_back);
   break;

Change to:
Code:
case "deleteNotice": 

   deleteNotice($id);
   break;
 
View user's profile Send private message
Lateron
PostPosted: Mon Mar 29, 2004 4:38 pm Reply with quote

Raven,

We folk from the Southern Hemisphere are just too quick for you northerners ! Laughing


Ron..... Wink
 
Raven
PostPosted: Mon Mar 29, 2004 4:50 pm Reply with quote

Rock => Raven <= Lateron

I have the comebacks but in the interest of public relations I will withhold them Laughing
 
Nukeum66
Life Cycles Becoming CPU Cycles


Joined: Jul 30, 2003
Posts: 551
Location: Neurotic, State, USA

PostPosted: Mon Mar 29, 2004 7:08 pm Reply with quote

Raven, let the reb have it! ...... Laughing

_________________
Scott Johnson MIS Ubuntu/Linux 11.10 
View user's profile Send private message Visit poster's website
Johan1982
New Member
New Member


Joined: Oct 23, 2003
Posts: 24

PostPosted: Tue Mar 30, 2004 1:54 pm Reply with quote

Excellent Cool

Another thing, I have read this post in the Forum of phpnuke.org, Only registered users can see links on this board! Get registered or login! an GOD administrator can erase? Question
 
View user's profile Send private message
darksied
Hangin' Around


Joined: Jan 27, 2004
Posts: 25
Location: New Jersey

PostPosted: Tue Mar 30, 2004 5:24 pm Reply with quote

Ok i tried this fix and i get a parse error on line 125 anyone else have this happen yet i am running version 6.9, any ideas on how to possibly fix the fix.
 
View user's profile Send private message Visit poster's website AIM Address
Raven
PostPosted: Tue Mar 30, 2004 5:39 pm Reply with quote

Well, a parse error usually means a missing ; or ' or " . If you can't find it, please post lines 120 - 130.
 
darksied
PostPosted: Tue Mar 30, 2004 11:36 pm Reply with quote

Ok Raven here is the error and the code i included line 109-130 just seemed easier at the time.

ps: Like i told Chatserv thanks for all the work that you guys do in the security area for php-nuke.

Code:
Parse error: parse error in /home/public_html/admin.php on line 125



Code:
109 function gfx($random_num) {

110     global $prefix, $db;
111     require("config.php");
112     $datekey = date("F j");
113     $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
114     $code = substr($rcode, 2, 6);
115     $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");
116     $text_color = ImageColorAllocate($image, 80, 80, 80);
117     Header("Content-type: image/jpeg");
118     ImageString ($image, 5, 12, 2, $code, $text_color);
119     ImageJPEG($image, '', 75);
120     ImageDestroy($image);
121     die();
122 }
123
124 function deleteNotice($id) {
125      global $prefix, $db;
126      $id = intval($id);
127      $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
128      Header("Location: admin.php?op=reviews");
129  }
130
 
Raven
PostPosted: Tue Mar 30, 2004 11:51 pm Reply with quote

Something else has been added to your admin.php. In the v6.9 default admin.php, your line 109 actually starts on line 106. Try reinstalling the default admin.php and then applying this fix.
 
darksied
PostPosted: Wed Mar 31, 2004 11:30 am Reply with quote

ok this is what i did i droped a clean admin.php and the one on my site in Differences Examiner and this is what i found.

Code:
if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {

 die("Illegal Operation");
 }


Clean admin.php
Code:
$sql = "INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_lang, user_dateformat) VALUES (NULL, '$name', '$email', '$url', '$user_avatar', '$user_regdate', '$pwd', '$Default_Theme', '$commentlimit', 'english', 'D M d, Y g:i a')";


admin.php on website
Code:
$sql = "INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL, '$name', '$email', '$url', '$user_avatar', '$user_regdate', '$pwd', '$Default_Theme', '$commentlimit', '2',  'english', 'D M d, Y g:i a')";


now the top code i include from your site why the other 2 lines are different i dont really know i have a few mods like nsn groups and such so it could be from any mod i installed i wish there was a way to tell what changes what or what lines were modified by newly installed mods.
 
Raven
PostPosted: Wed Mar 31, 2004 1:44 pm Reply with quote

Please zip your admin.php and email it to me. Thanks.
 
Raven
PostPosted: Wed Mar 31, 2004 5:40 pm Reply with quote

I don't know what editor you are using but it is adding some weird characters in all the code you added. That's your problem. Use an editor like Textpad and try it again. Here is what it looks like and what is causing your errors

Code:
function deleteNotice($id) {

 Ę Ę global $prefix, $db;
 Ę Ę $id = intval($id);
 Ę Ę $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
 Ę Ę Header("Location: admin.php?op=reviews");
 }
and also
Code:
   case "deleteNotice":

 Ę ĘdeleteNotice($id);
 Ę Ębreak;
 
darksied
PostPosted: Wed Mar 31, 2004 11:23 pm Reply with quote

Thanks for all the help raven it now works.
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Mon Apr 26, 2004 11:34 am Reply with quote

Some additional protection code, thought i'd post it here since it deals with admin.php as well. This will stop two forms of a hack that attempts to add an admin account for the hacker either by using a fake image or by inserting the code:

After admin.php's file credits add the following:
Code:
if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {

die("Illegal Operation");
}
 
View user's profile Send private message Visit poster's website
paranor
Worker
Worker


Joined: Aug 28, 2003
Posts: 227

PostPosted: Mon Apr 26, 2004 9:45 pm Reply with quote

Does Raven's hackattempt stop this Chatserv?

I get confused as to what I should be adding where.
 
View user's profile Send private message
Raven
PostPosted: Mon Apr 26, 2004 9:50 pm Reply with quote

No. Mine is meant and directed at the UNION hack attempts. However, you can direct Chat's snippet to my hack script to get the IP information instead of just die().
 
chatserv
PostPosted: Mon Apr 26, 2004 9:55 pm Reply with quote

Code:
if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) header("Location: hackattempt.php");
 
paranor
PostPosted: Mon Apr 26, 2004 9:56 pm Reply with quote

Ugh. Is there anything I can do to manage a nice organized list of what to patch and what covers what and what isn't in what and when?

I've been gone for a few weeks and there is this new patch buried in an old post. Just thinking of a way to utilize Chatserv and your talents best without having to keep track of things 24x7. Smile
 
Raven
PostPosted: Mon Apr 26, 2004 10:02 pm Reply with quote

Money always works for me. How about you Chat :LOL:
 
paranor
PostPosted: Mon Apr 26, 2004 10:10 pm Reply with quote

lol. true! and thankfully my giving record speaks for itself - you guys are cheap and easy. Wink

Seriously I was thinking more of a single reference point.

In this case I think it would be something like

??/??/?? 2.2 - Chatserv pack here (link)
??/??/?? 2.3 - Chatserv pack here (link)
04/??/04 - admin.php patch here (link)
05/01/04 - 2.4 - Chatserv pack here - includes all post 2.3 fixes.

and preferably the link for the source code does have 20 replies in it. That gets to be annoying reading and what if there is a fix to the original code 21 replies later?

I'd be happy to help with that - it at least gives me something to contribute. And maybe I'll shaddup.
 
chatserv
PostPosted: Mon Apr 26, 2004 10:16 pm Reply with quote

Ditto lol
 
chatserv
PostPosted: Mon Apr 26, 2004 10:34 pm Reply with quote

Quote:
you guys are cheap and easy.

That sure does not help my messed up reputation. Laughing
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©