Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
cprompt
Regular
Regular


Joined: Jun 08, 2004
Posts: 64

PostPosted: Thu Aug 26, 2004 7:49 pm Reply with quote

Image

Sorry for the large image. Wanted to preserve the best view.
Anyone seen that before?
I imagine it is being caused by the string the hacker used.
 
View user's profile Send private message
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Thu Aug 26, 2004 8:01 pm Reply with quote

It is the string the hacker used and yes I have seen it before and thought I had patched to protect against it showing it's ugly head again.

Can you send me a dump of the nuke_nsnst_ips table including the data so I can test to make a better patch at webmaster(at)nukescripts(dot)net please.

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
cprompt
PostPosted: Thu Aug 26, 2004 8:07 pm Reply with quote

Email sent Wink
 
BobMarion
PostPosted: Thu Aug 26, 2004 8:24 pm Reply with quote

Found it Smile
Code:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54  [ru"]


I had protected the query string display but not the user agent display. And this user agent has a " in it and threw the hole thing off. I'll make up a patch and post it once I have it done.
 
cprompt
PostPosted: Thu Aug 26, 2004 9:04 pm Reply with quote

Thank you Bob.
As always, great responses from a great group.
 
BobMarion
PostPosted: Thu Aug 26, 2004 9:07 pm Reply with quote

Okay here's the patch. Open admin/modules/sentinel.php in a text editor and find (around line 360):
Code:
          $ua = $getIPs['user_agent'];

          echo "<td>".info_img("<b>"._AB_USERAGENT.":</b> $ua<br /><br /><b>"._AB_QUERY.":</b> $qs", r)." <a href='http://ws.arin.net/cgi-bin/whois.pl?queryinput=$lookupip' target='$lookupip'>".$getIPs['ip_addr']."</td>\n";


Add this between the two line:
Code:
          $ua = htmlentities($ua, ENT_QUOTES);


Should look like:
Code:
          $ua = $getIPs['user_agent'];

          $ua = htmlentities($ua, ENT_QUOTES);
          echo "<td>".info_img("<b>"._AB_USERAGENT.":</b> $ua<br /><br /><b>"._AB_QUERY.":</b> $qs", r)." <a href='http://ws.arin.net/cgi-bin/whois.pl?queryinput=$lookupip' target='$lookupip'>".$getIPs['ip_addr']."</td>\n";
 
cprompt
PostPosted: Thu Aug 26, 2004 9:15 pm Reply with quote

Done...and FIXED!

Wonderful work Bob!
 
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Fri Aug 27, 2004 7:23 am Reply with quote

What damage could that have done if it was not blocked? Thanks.
 
View user's profile Send private message Visit poster's website
cprompt
PostPosted: Fri Aug 27, 2004 7:50 am Reply with quote

blith wrote:
What damage could that have done if it was not blocked? Thanks.


I don't think it would do any damage. The IP was still blocked, it was simply the display in the Admin panel that was screwy. Just a cosmetic thing I think.
 
BobMarion
PostPosted: Fri Aug 27, 2004 4:10 pm Reply with quote

It was just a display issue on the admin page. It would not have cause any harm other then looking bad on your screen Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©