| Author |
Message |
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
 Posted:
Tue Sep 25, 2007 10:26 am |
|
There is an advisory out for Sentinel. The problem is with the admin code in nsbypass.
includes/nsbypass.php
Code: $a_aid = "$abadmin[0]";
$a_pas = "$abadmin[1]";
|
Should probably be:
Code: $a_aid = FixQuotes($abadmin[0]);
$a_pas = FixQuotes($abadmin[1]);
|
I am unsure why the decision was made to reinvent the is_admin function as you could just use that instead since your already including the mainfile.
If you wanted to really be tougher you could just look for ' or " and stop right there.
I choose to just use the is_admin function and strip all that out, but I figure might as well pass the fix for the code as it is. |
_________________
Nuke-Evolution
phpBB-Evolution / phpBB-Evolution Blog |
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Tue Sep 25, 2007 11:53 am |
|
Thanks technocrat.
This is sort of related to another discussion, but why wouldn't you use addslashes() vs. FixQuotes()? I am not sure what the history or purpose of FixQuotes is. |
_________________
GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module |
|
|
|
|
technocrat
|
| Posted:
Tue Sep 25, 2007 11:59 am |
|
Actually technically neither one of those is correct per say.
The more effective way is to use mysql_escape_string/mysql_real_escape_string or the correct function depending on the db used. Which is the way FixQuotes is in Evo. I kind of thought that's the way it is in RN but it appears I am wrong. Probably be safer with addslashes in this case. |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Tue Sep 25, 2007 3:18 pm |
|
|
|
|
technocrat
|
| Posted:
Tue Sep 25, 2007 3:22 pm |
|
Waraxe gets the credit he found it.
I did right after the advisory was posted. |
| |
|
|
|
|
technocrat
|
| Posted:
Tue Sep 25, 2007 3:51 pm |
|
|
|
|
|
Gremmie
|
| Posted:
Tue Sep 25, 2007 8:52 pm |
|
| technocrat wrote: | | Fixed in 2.5.12 |
Yes, looks like Bob has it in the downloads section on nukescripts.net. |
| |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Wed Sep 26, 2007 9:14 am |
|
Does anyone really understand what nsbypass.php is used for? I just did a search of my entire ravennuke directory and the only place the string nsbypass is found is in ABTrackedRefers.php.
Also, nsbypass includes mainfile.php which reads in the config table and sticks the field nukeurl into the variable $nukeurl. So why can't nsbypass use $nukeurl instead of reading in * from the config table and then only using nukeurl again.
Or maybe tell me if I'm wrong. You've gotten yourself into the display tracked refers(sp) screen. You should be an admin to get there no? The program goes out to the tracked_ips table and finds the referer (tid). A list is built up. If you click on a referer link the href sends you off to nsbypass where you are validated as an admin all over again. If you pass then we read the tracked_ip table again and take you to the link. If you fail the admin test then the read of the authors table will turn up a zero result for you and you'll be taken back to the nukeurl ... which is index.php.
Am I missing something or is this an excess of caution? |
| |
|
|
|
|
technocrat
|
| Posted:
Wed Sep 26, 2007 9:34 am |
|
It's so you can view referred URLs without giving them a referral on their site I guess. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
