Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
webshark
New Member
New Member


Joined: Oct 14, 2004
Posts: 3

PostPosted: Thu Oct 14, 2004 8:33 am Reply with quote

Sientinel is blocking a mod i added to my phpbb forum called "tell a friend" how can i stop this from happening ?

This is the email i recieve:
Code:
Date & Time: 2004-10-14 14:06:56

Blocked IP: 212.179.28.66
User ID: אורח (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Query String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 212.179.28.66
Remote Port: none
Request Method: GET
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Oct 14, 2004 8:49 am Reply with quote

You'll have to find where the quotes are being added I would hazard to guess if the quotes are in the title you will have to strip them out before the $_POST is made. If the quotes are being added by your mod them you will have to find out where and alter it so there aren't quotes being added.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
webshark
PostPosted: Thu Oct 14, 2004 10:04 am Reply with quote

in this case, yes the quotes are part of the title ... why is this dangerous in some way ?
 
sixonetonoffun
PostPosted: Thu Oct 14, 2004 11:07 am Reply with quote

They are often part of XSS attacks, java tricks and such. You should be able to just add something like
$var = str_replace("\"", "", $var);
Replace $var with what ever variable is being used such as $ttitle or $topic_text
Thats about the simplest solution I can think of. This comes up a lot with Forum mods it seems.
 
sixonetonoffun
PostPosted: Thu Oct 14, 2004 11:11 am Reply with quote

I should add the reason its being flagged is because it is being submitted via a $_POST request. Otherwise it would not be flagged.
 
webshark
PostPosted: Thu Oct 14, 2004 11:33 am Reply with quote

sixonetonoffun wrote:
They are often part of XSS attacks, java tricks and such. You should be able to just add something like
$var = str_replace("\"", "", $var);
Replace $var with what ever variable is being used such as $ttitle or $topic_text
Thats about the simplest solution I can think of. This comes up a lot with Forum mods it seems.


this must be added to the mod file itself, right ?

this is what i found ... that i think can be closest:
Code:
$template->assign_vars(array( 

   "TELL_LINK" => append_sid("http://".$HTTP_SERVER_VARS['HTTP_HOST'].$temp_topic."?name=Forums&file=tellafriend&t=$topic_id", true)
   ));
 
br00klynzzfinest
New Member
New Member


Joined: Nov 21, 2005
Posts: 1

PostPosted: Mon Nov 21, 2005 5:35 pm Reply with quote

Im having the same problem... Here is my block abuse email:

Quote:
Date & Time: 2005-11-21 15:12:59 PST GMT -0800
Blocked IP: 162.84.201.103
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Query String: Only registered users can see links on this board! Get registered or login! WEEKEND @CROBAR: Fri (BORIS) | Sat (ROGER SANCHEZ)&link=modules.php?name=Forums&file=http://www.bayridgenights.com/modules&name=Forums&file=tellafriend&t=5183
Get String: Only registered users can see links on this board! Get registered or login! WEEKEND @CROBAR: Fri (BORIS) | Sat (ROGER SANCHEZ)&link=modules.php?name=Forums&t=5183
Post String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: 162.84.201.103
Remote Port: 1269
Request Method: GET


Im not a big PHP guy so any detailed help would be outstanding. Thanks
 
View user's profile Send private message
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©