Ravens PHP Scripts: Forums
 

 

Loki
Worker


Joined: Oct 05, 2003
Posts: 107
Location: Illinois

Posted: Mon Jan 01, 2007 10:39 pm

Hey Raven, this was brought to my attention and I don't consider it a hack per se since it really doesn't make any changes to the database that I can see, but I would like to block it anyway. How would I go about forcing Sentinel to catch and block someone attempting to use this?
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

Posted: Mon Jan 01, 2007 10:42 pm

Try using the String Blocker within NukeSentinel and maybe key off the "YoMomma" or "%20Hacked%20".

Loki
Posted: Mon Jan 01, 2007 11:21 pm

Nope, no settings catch it. It has to be coded into the module index file or into the module.php file directly to catch it, but I haven't been able to get it to work yet.
 
montego
Posted: Tue Jan 02, 2007 5:44 am

Try just "Hacked" then... Are you certain that you have the String Blocker turned ON? And you must be logged out as admin. What I do to test these things is to be logged in as admin in IE but not logged in using FireFox or Opera. It ensures that I do not have a cookie issue keeping me looking as though I am logged in as admin.
 
Loki
Posted: Tue Jan 02, 2007 11:10 am

All settings are set to on and to block, I am logged out and removed cookies. It just doesn't catch it. Like I said though, it is not a major issue since it actually doesn't make any changes, but I want to eliminate the potential for anyone attempting to test things like this.
 
montego
Posted: Tue Jan 02, 2007 10:26 pm

Quote:

but I want to eliminate the potential for anyone attempting to test things like this.


Then I suggest using .htaccess with RewriteCond/RewriteRules on the QUERY_STRING. Search in the forums here for examples.

I'll have to try this out on my own site... hhhmmmm...
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Thu Jan 04, 2007 12:41 am

I don't really like using ttitle. It is stupid the way it was implemented, and may be a slight security concern. Remove the use of the $ttitle variable and just grab the title from the database. One extra query, no security concerns.

All times are GMT - 6 Hours
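
The change evaders99 suggests in the last post, sketched as an added example that is not part of the original thread and is not PHP-Nuke's own code: the title is looked up by a numeric id, and the `ttitle` value is never read. It assumes `ttitle` arrives as a request parameter; the `downloads` table, its `lid` and `title` columns, the function `title_for_id`, and the in-memory SQLite database (which needs the pdo_sqlite extension) are all hypothetical.

```php
<?php
// Added illustration; not PHP-Nuke code. Table, column and function
// names are hypothetical, and the SQLite database is constructed inline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE downloads (lid INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$pdo->exec("INSERT INTO downloads (lid, title) VALUES (1, 'Theme Pack'), (2, 'Docs & <Guides>')");

/**
 * Return the stored title for a record id, HTML-escaped for output,
 * or null when the id is not a plain non-negative integer or has no row.
 */
function title_for_id(PDO $pdo, $rawId): ?string
{
    // Accept only a string of digits; arrays, signs and markup are rejected.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return null;
    }
    // The one extra query: a prepared statement keyed on the integer id.
    $stmt = $pdo->prepare('SELECT title FROM downloads WHERE lid = :lid');
    $stmt->execute([':lid' => (int) $rawId]);
    $title = $stmt->fetchColumn();
    if ($title === false) {
        return null;
    }
    // The stored value is still escaped on output: it can contain
    // characters that are meaningful in HTML.
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// Constructed request: the ttitle parameter is present but never read.
$request = ['lid' => '2', 'ttitle' => 'anything the visitor typed'];

$title = title_for_id($pdo, $request['lid'] ?? null);
if ($title === null) {
    http_response_code(404);
    echo "No such entry\n";
} else {
    echo "<h1>{$title}</h1>\n";
}
```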
 