Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Dauthus
Worker
Worker


Joined: Oct 07, 2003
Posts: 211

PostPosted: Tue Aug 02, 2005 10:46 pm Reply with quote

The core file edits for mainfile.php are like this:

Code:
For Nuke Patched 3.1 in mainfile.php


#
#-----[ FIND ]------------------------------------------
#
if (defined('FORUM_ADMIN')) {
   @require_once("../../../config.php");
   @require_once("../../../db/db.php");
   @require_once("../../../includes/custom_files/custom_mainfile.php");
   @require_once("../../../includes/ipban.php");
} elseif (defined('INSIDE_MOD')) {
   @require_once("../../config.php");
   @require_once("../../db/db.php");
   @require_once("../../includes/custom_files/custom_mainfile.php");
   @require_once("../../includes/ipban.php");
} else {
   @require_once("config.php");
   @require_once("db/db.php");
   @require_once("includes/custom_files/custom_mainfile.php");
   @require_once("includes/ipban.php");
}

#
#-----[ CHANGE TO ]------------------------------------------
#
if (defined('FORUM_ADMIN')) {
   @require_once("../../../config.php");
   @require_once("../../../db/db.php");
   @require_once("../../../includes/custom_files/custom_mainfile.php");
   @require_once("../../../includes/ipban.php");
   @include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
   @require_once("../../config.php");
   @require_once("../../db/db.php");
   @require_once("../../includes/custom_files/custom_mainfile.php");
   @require_once("../../includes/ipban.php");
   @include_once("../../includes/nukesentinel.php");
} else {
   @require_once("config.php");
   @require_once("db/db.php");
   @require_once("includes/custom_files/custom_mainfile.php");
   @require_once("includes/ipban.php");
   @include_once("includes/nukesentinel.php");
}

#
#-----[ FIND ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
   die();
}

#
#-----[ COMMENT OUT ]------------------------------------------
#
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
//unset($matches);
//unset($loc);
//if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
//   die();
//}


#
#-----[ FIND ]------------------------------------------
#
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

#
#-----[ COMMENT OUT ]------------------------------------------
#
//$queryString = strtolower($_SERVER['QUERY_STRING']);
//if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
//header("Location: index.php");
//die();
//}


My files look like this:

Code:
if (defined('FORUM_ADMIN')) {

   @require_once("../../../config.php");
   @require_once("../../../db/db.php");
   @require_once("../../../includes/sql_layer.php");
   if (file_exists("../../../includes/custom_files/custom_mainfile.php")) { @include_once("../../../includes/custom_files/custom_mainfile.php"); }
   @require_once("../../../includes/ipban.php");
   @include_once("../../../includes/nukesentinel.php");
   if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_head.php")) { @include_once("../../../includes/custom_files/custom_head.php"); }
   if (defined('NUKE_HEADER') && file_exists("../../../includes/custom_files/custom_header.php")) { @include_once("../../../includes/custom_files/custom_header.php"); }
} elseif (defined('INSIDE_MOD')) {
   @require_once("../../config.php");
   @require_once("../../db/db.php");
   @require_once("../../includes/sql_layer.php");
   if (file_exists("../../includes/custom_files/custom_mainfile.php")) { @include_once("../../includes/custom_files/custom_mainfile.php"); }
   @require_once("../../includes/ipban.php");
   @include_once("../../includes/nukesentinel.php");
   if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_head.php")) { @include_once("../../includes/custom_files/custom_head.php"); }
   if (defined('NUKE_HEADER') && file_exists("../../includes/custom_files/custom_header.php")) { @include_once("../../includes/custom_files/custom_header.php"); }
} else {
   @require_once("config.php");
   @require_once("db/db.php");
   @require_once("includes/sql_layer.php");
   if (file_exists("includes/custom_files/custom_mainfile.php")) { @include_once("includes/custom_files/custom_mainfile.php"); }
   @require_once("includes/ipban.php");
   @include_once("includes/nukesentinel.php");
   if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_head.php")) { @include_once("includes/custom_files/custom_head.php"); }
   if (defined('NUKE_HEADER') && file_exists("includes/custom_files/custom_header.php")) { @include_once("includes/custom_files/custom_header.php"); }
}

#
#-----[ AND ]------------------------------------------
#

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
//unset($matches);
//unset($loc);
//if(isset($_SERVER['QUERY_STRING'])) {
//  if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
//    die('Illegal Operation');
//  }
//}

#
#-----[ AND ]------------------------------------------
#

// Additional security (Union, CLike, XSS)
if(!file_exists('includes/nukesentinel.php')) {
  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
//    $queryString = $_SERVER['QUERY_STRING'];
//    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
//      die('Illegal Operation');
//    }
  }
}


Is this ok?

_________________
Only registered users can see links on this board! Get registered or login!
Vivere disce, cogita mori 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Wed Aug 03, 2005 2:17 am Reply with quote

Should be.
 
View user's profile Send private message
pinkbeef
Client


Joined: Jul 19, 2005
Posts: 68

PostPosted: Fri Sep 02, 2005 3:05 pm Reply with quote

I have the same prob.
so let me get this right, "should be" means...........
1...... do not replace the files
2...... do replace the files
3...... go get very drunk and forget it
Please advise me
 
View user's profile Send private message
Dauthus
PostPosted: Fri Sep 02, 2005 6:10 pm Reply with quote

LOL - I choose number 3.

But number 2 is the correct answer.

Just BACK UP BEFORE you do the changes.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©