Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x
Author Message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Tue Sep 06, 2005 12:19 pm Reply with quote

There is a bug or incompatibility (your choice) between Gallery 1.4.4 and Sentinel. If you go to change the highlight photograph in a Gallery album, you execute the following code in do_command.php in the Gallery module folder:

Code:
else if (!strcmp($cmd, "highlight")) {

   if ($gallery->user->canWriteToAlbum($gallery->album)) {
      $gallery->album->setHighlight($index);
      $gallery->album->save(array(i18n("Changed Highlight")));
   }

This eventually gets checked against the check filters section of nukesentinel.php in the /includes directory and specifically in the XSS attacks area as shown:
Code:
  // Check for XSS attack

  if ($name != "Gallery") { // this line added as well as closing brace
  if (eregi("http\:\/\/", $name) OR (stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd")) OR (stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu")) OR stristr($nsnst_const['query_string'],"concat")) {
/*   echo '<table bgcolor="green"><tr><td>' . 'xss attack caught' . '</td></tr>';
  echo '<tr><td>' . $name . ' name' . '</td></tr></table>'; */
    block_ip($blocker_row); } // end of gallery exclusion
  }


The Gallery exclusion code is of course not in the original version of nukesentinel.php but I added it as a temporary workaround.

I'm nowhere near expert enough to tell whether this is a security vulnerability built into Gallery or an oversight in Sentinel but I can report that anyone who tries to execute the "change highlight" photo functions in Gallery will get banned.
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Sep 06, 2005 2:24 pm Reply with quote

This has been documented several times Smile Search the forum for gallery highlight or just highlight.
 
View user's profile Send private message
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.4.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©