Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports
Author Message
KennyW
Hangin' Around


Joined: Jul 15, 2004
Posts: 44

PostPosted: Tue Jan 11, 2005 10:02 am Reply with quote

NukeC & Download 3000 will not work properly if you have Sentinel 2.13 installed,but it will work with previous version,any idea how to get them to work properly,i tried to disable all the protections in Sentinel but it still stopped them so i try to move it from the mainfile and then it worked,so now I have put Sentinel back online but i want to run these 2 modules
 
View user's profile Send private message
Dameon
New Member
New Member


Joined: Jan 27, 2005
Posts: 6

PostPosted: Thu Feb 24, 2005 4:03 pm Reply with quote

I am having the same issues. I see no fix in over a month. hmmmm. Anyone have any idea?
 
View user's profile Send private message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Thu Feb 24, 2005 4:12 pm Reply with quote

I haven't looked at either but its most likely something fairly simple.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
Dameon
PostPosted: Thu Feb 24, 2005 4:22 pm Reply with quote

Yea, I am gonna see what I can figure out but I don't know the sentinel code at all.
 
sixonetonoffun
PostPosted: Thu Feb 24, 2005 5:03 pm Reply with quote

Start with the santy code in the includes/sentinel.php the $id variable has been causing grief in a lot of modules.
 
Dameon
PostPosted: Thu Feb 24, 2005 5:38 pm Reply with quote

OK will do, Thanks
 
Dameon
PostPosted: Thu Feb 24, 2005 6:46 pm Reply with quote

Well, it appears that it is the sanity area. I comment out the entire code and downloads3000 works fine. AS far as I can tell, the bad content variable is assigned words that are not part of the incoming URI. I droped it to 1 word then changed it and it still won't let downloads3000 through. The funny part is it doesn't die with the illegal content error. The text comes back from the server with the following error: "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in bla \bla\sql_layer.php line 71"

Now it does have other errors also for different things and then repeats.
 
sixonetonoffun
PostPosted: Thu Feb 24, 2005 6:55 pm Reply with quote

Just leave it commented out and find the thread that has the Santy worm (revisited) title there are some mod rewrite protections that will do the same job and not bother your script.
 
Dameon
PostPosted: Thu Feb 24, 2005 6:59 pm Reply with quote

OK here is what I did. I know it is kinda poor code as I am a C++ coder but this worked where the while staement doesn't and it does the same thing only longer. Please tell me if this is any way bad from both functional as well as secure.

Thanks,

D

/********************************************************/
// Stop Santy Worm
$bad_uri_content="perl,rush,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
/* $tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
}*/

if (strpos($REQUEST_URI, "perl")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "rush")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "chr(")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "pillar")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "pervisualcoder")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "sess_")){
die("Illegal Content");
}
 
Doodle
Hangin' Around


Joined: Jan 26, 2004
Posts: 46
Location: 127.0.0.1

PostPosted: Wed Mar 30, 2005 4:20 pm Reply with quote

Thanks, that worked.

_________________
Independent Network Solutions Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
Dameon
PostPosted: Thu Mar 31, 2005 7:13 am Reply with quote

Upgrade to Sentinel 2.2 and you can get rid of the sanity check altogether.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Bug Reports

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©