Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
RaDiKaL
New Member
New Member


Joined: Jun 10, 2004
Posts: 23

PostPosted: Sat Jun 11, 2005 3:03 pm Reply with quote

I got the following text entry as a comment in almost every review (module) on my site.

Quote:
acne scarairlineseating disorderanavar bdsmcheap cigaretteskin carecarisoprodol italian charmsitalian charms cheap cigarettepoker chryslerbasketball bettingcontact lensgirl clothingrouletterolexhawaii weddingstexas holdemair purifierstexas holdemrolexjordan shoesreplica watcheslingeriescar loanlorcet texas holdemmortgage rates support stockingdidrexCelexamortgage rates paxilphenterminepremproLive Psychic hair careFishing Rod pain reliefbodybuilding sandalscellulitisflasherscosequin cheerleadersskin carereplica sunglassescar audio swingerspiercingTarot Readingtatoo teen analcheap hotelscruise dealairlines vicodinlas vegas hotelswine basketDivorce Lawyer enematexas holdemclothingtexas holdemtexas holdemreplica watches shampoohair careshampooreplica watcheshair care shampoo


What the hell is this?
Is this done with some form of injection?
There was no name (even anonymous) as a userid.

I have replace two lines of code in index.php in the review module
In function preview_review
Code:
//$text = stripslashes(check_html($text, ""));

    $text = stripslashes($text);


and in function send_review
Code:
      $text = stripslashes(Fixquotes(urldecode(check_html($text, ""))));

Because I couldn't use ANY Html tags at all.

I've deleted the entries from the database. Any ideas?
Thanks...

I'm using Nuke 7.5, latest patches and Sentinel 2.3
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sat Jun 11, 2005 4:02 pm Reply with quote

There was another topic about the reviews comments.
Did you read this ?
Is this yours ?
Posted by on 2005-06-08 03:23:57

Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
RaDiKaL
PostPosted: Sat Jun 11, 2005 11:20 pm Reply with quote

No it wasn't but thanks for the heads up! Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©