Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
salsafan
New Member
New Member


Joined: Jun 08, 2008
Posts: 2

PostPosted: Sun Jun 08, 2008 4:19 pm Reply with quote

I am very glad with Nuke Sentinel. It has kept off a lot of evil users from my site. I however discovered a possible error.

When a $_POST variable contains the following string, a user is blocked:
Quote:
<a href="http://latinsalsaforum.latinnet.nl/forumsmusic_cat-cat_id-19-sort_method-song_order_id-sort_order-ASC--start-20-uinf-zouk.html">hier</a>


The user is told that he tried to do a 'Script attack'

I think this is not correct. I reviewed the filter and discovered that the following condition triggers the abuse script filter.
Quote:

(eregi("<[^>]*meta*\"?[^>]*", $secvalue))


In this condition, there are two problems:
1) The part meta* causes us to look for 'met' followed by 0 or more 'a'. But this is not the intention. I expect we want to look for 'meta' followed by 0 or more characters. This can be easily fixed by replacing 'meta*' by 'meta.*'.
2) The expression is also triggered when the word 'meta' appears within the href attribute of the <a href="XXXX"> clause. But a <a href="XXXX"> expression is very common and should not be a problem. I do not know how to fix that.

Does anybody have a suggestion?
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Tue Jun 10, 2008 5:28 am Reply with quote

I have tested this using RegexBuddy and can definitely see your point. I do think that these may need to be revisited. I do agree with your "fix" in 1). I think that is an issue with each of these. Unfortunately, 2) is far more complex, needs a strong regex person to address, and would require extensive testing. Just saying that the longer-term "fix" will take time.

Thank you for bringing this to our attention.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
salsafan
PostPosted: Wed Jun 11, 2008 4:27 pm Reply with quote

Thank you for your help! Without nuke sentinel, my life would be much more difficult.

I made a temporary fix. In order to prevent abuse in case of an error, I sent it to 'montego' by PM.
 
montego
PostPosted: Thu Jun 12, 2008 6:02 am Reply with quote

I have forwarded this thread to the author of NS as well. A change like this is not to be taken lightly given what it is intended to stop in terms of XSS injection.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©