Raven's Hack Alert Script Update

Posted on Saturday, May 08, 2004 @ 16:09:18 UTC in Security
by Raven

I have updated my Hack Alert script to speed it up and avoid a variable naming conflict. Also I have enhanced/simplified the /* comment exploit/trap as it seems the kids get craftier every day :)
 
 
click Related        click Share
 
 
Associated Topics

My Scripts and/or Mods
 
 

Re: Raven's Hack Alert Script Update (Score: 1)
by MickP on Saturday, May 08, 2004 @ 17:12:17 UTC
  
(User Info | Send a Message) http://www.your-poetry.com

HI Raven,
Is this in the downloads as yet, as the hackattempt in there last update says 04/28/2004: v1.2 ? if not, where could we find?

Once again, many thanks for this great script, it catches attempts daily on my site.

Mick

Re: Raven's Hack Alert Script Update (Score: 1)
by Raven
on Saturday, May 08, 2004 @ 17:27:14 UTC
(User Info | Send a Message)

Yes it is. I just didn't update the date. I will do that right now.

Re: Raven's Hack Alert Script Update (Score: 1)
by MickP
on Saturday, May 08, 2004 @ 17:31:47 UTC
(User Info | Send a Message) http://www.your-poetry.com

Thanks Raven, as I say, its the best!

 
 

Question to new Hack Alert Update (Score: 1)
by soc on Sunday, May 09, 2004 @ 10:58:11 UTC
  
(User Info | Send a Message)

Hello,

i just wanted to ask this :

now in my mainfile.php i have that

$checkurl = preg_replace("#(/*.**/)#", "", $_SERVER["QUERY_STRING"]);
if (stristr($checkurl,'%20union%20')) {
$loc = $_SERVER['QUERY_STRING'];
header("Location: hackattempt.php?$loc");
die();
}

(it includes an "update" about checkurl)


Do i have to change all that code to the new?

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
header("Location: hackattempt.php?$queryString");
die();
}


or to include the checkurl again?


Thanks :)


Re: Question to new Hack Alert Update (Score: 1)
by sixonetonoffun
on Sunday, May 09, 2004 @ 13:32:39 UTC
(User Info | Send a Message)

Replace the original version with the new one. The variable name was changed from $checkurl because of a frequent conflict with another variable with the same name in another hack which is in the admin.php. Because of course admin.php requires mainfile.php thus the conflict :oP

Make sense now?

 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,641,404
  • Today: 8,706
Server InfoServer Info
  • Mar 29, 2024
  • 06:23 am UTC