Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

Posted: Tue Sep 25, 2007 10:26 am

There is an advisory out for Sentinel. The problem is with the admin code in nsbypass.

includes/nsbypass.php

Code:
$a_aid = "$abadmin[0]";
$a_pas = "$abadmin[1]";

Should probably be:
Code:
$a_aid = FixQuotes($abadmin[0]);
$a_pas = FixQuotes($abadmin[1]);


I am unsure why the decision was made to reinvent the is_admin function, as you could just use that instead since you're already including the mainfile.

If you wanted to really be tougher you could just look for ' or " and stop right there.

I choose to just use the is_admin function and strip all that out, but I figure might as well pass the fix for the code as it is.

Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

Posted: Tue Sep 25, 2007 11:53 am

Thanks technocrat.

This is sort of related to another discussion, but why wouldn't you use addslashes() vs. FixQuotes()? I am not sure what the history or purpose of FixQuotes is.

technocrat
Posted: Tue Sep 25, 2007 11:59 am

Actually, technically neither one of those is correct per se.

The more effective way is to use mysql_escape_string/mysql_real_escape_string or the correct function depending on the db used. Which is the way FixQuotes is in Evo. I kind of thought that's the way it is in RN but it appears I am wrong. Probably be safer with addslashes in this case.
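
The admin check discussed in the posts above, as an added example that is not NukeSentinel's code and not part of any post. It combines the strict "reject any quote" check with a PDO prepared statement, used here in place of the escaping functions named in the thread; the `authors` table layout, the function names and the sample values are assumptions.

```php
<?php
// Added example, not NukeSentinel code. Table, columns and names are assumed.

// Strict variant from the thread: refuse any value that carries a quote.
function has_quote(string $value): bool
{
    return strpbrk($value, "'\"") !== false;
}

// Look the admin up with bound parameters, so the values never become SQL text.
function admin_row_exists(PDO $db, array $abadmin): bool
{
    $a_aid = (string)($abadmin[0] ?? '');
    $a_pas = (string)($abadmin[1] ?? '');
    if ($a_aid === '' || $a_pas === '' || has_quote($a_aid) || has_quote($a_pas)) {
        return false; // malformed input: stop before touching the database
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM authors WHERE aid = ? AND pwd = ?');
    $stmt->execute([$a_aid, $a_pas]);
    return (int)$stmt->fetchColumn() === 1;
}

// Constructed data: one admin row in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (aid TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
$db->prepare('INSERT INTO authors (aid, pwd) VALUES (?, ?)')
   ->execute(['admin', 'constructed-hash-value']);

// Constructed inputs standing in for the decoded admin values.
$samples = [
    'valid admin'      => ['admin', 'constructed-hash-value'],
    'wrong hash'       => ['admin', 'some-other-value'],
    'quote in name'    => ["adm'in", 'constructed-hash-value'],
    'missing password' => ['admin'],
];
foreach ($samples as $label => $abadmin) {
    printf("%-17s %s\n", $label, admin_row_exists($db, $abadmin) ? 'admin' : 'rejected');
}
```

With bound parameters the lookup stays correct whichever database driver is in use, which removes the need to pick the matching escape function per backend.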
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Tue Sep 25, 2007 3:18 pm

Thanks - I'm looking out for these issues in Sentinel. Glad you found some more. If Bob hasn't been emailed, I'll email him.

technocrat
Posted: Tue Sep 25, 2007 3:22 pm

Waraxe gets the credit; he found it.

I did right after the advisory was posted.
 
technocrat
Posted: Tue Sep 25, 2007 3:51 pm

Fixed in 2.5.12
 
Gremmie
Posted: Tue Sep 25, 2007 8:52 pm

technocrat wrote:
Fixed in 2.5.12


Yes, looks like Bob has it in the downloads section on nukescripts.net.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Wed Sep 26, 2007 9:14 am

Does anyone really understand what nsbypass.php is used for? I just did a search of my entire ravennuke directory and the only place the string nsbypass is found is in ABTrackedRefers.php.

Also, nsbypass includes mainfile.php, which reads in the config table and sticks the field nukeurl into the variable $nukeurl. So why can't nsbypass use $nukeurl instead of reading in * from the config table and then only using nukeurl again?

Or maybe tell me if I'm wrong. You've gotten yourself into the display tracked refers(sp) screen. You should be an admin to get there no? The program goes out to the tracked_ips table and finds the referer (tid). A list is built up. If you click on a referer link the href sends you off to nsbypass where you are validated as an admin all over again. If you pass then we read the tracked_ip table again and take you to the link. If you fail the admin test then the read of the authors table will turn up a zero result for you and you'll be taken back to the nukeurl ... which is index.php.

Am I missing something or is this an excess of caution?
 
technocrat
Posted: Wed Sep 26, 2007 9:34 am

It's so you can view referred URLs without giving them a referral on their site I guess.
 
All times are GMT - 6 Hours
 