Ravens PHP Scripts: Forums
Forum: NukeSentinel(tm) v2.5.x
Dauthus (Worker, joined Oct 07, 2003, 211 posts)
Posted: Sun Jul 16, 2006 1:53 pm

Clicking on the link to report suspected cheating bans the user. Here's the email:

Code:
User Agent: MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+)

Query String: [ Only registered users can see links on this board! Get registered or login! ] Name&surl=http://www.website.com
Get String: [ Only registered users can see links on this board! Get registered or login! ] Name&surl=http://www.website.com
Post String: [ Only registered users can see links on this board! Get registered or login! ]
Forwarded For: none


I checked this myself and it does ban the user. I know the problem is in the "&surl=http://" section of the code.

I guess what I am asking here is if I can keep adding modules to the XSS attack in the following manner:

Code:
// Check for XSS attack

  if( eregi("http\:\/\/", $name) OR eregi("http\:\/\/", $file) OR eregi("http\:\/\/", $libpath)
  // Added protection for the gallery2 and MS Topsites modules: a URL in the
  // query string is allowed only for these modules. Both exclusions must sit
  // in the same clause: two separate "http:// AND NOT module" clauses joined
  // with OR still block unless the query string names both modules at once.
  //OR stristr($nsnst_const['query_string'], "http://")
  OR ( stristr($nsnst_const['query_string'], "http://")
       AND !stristr($nsnst_const['query_string'], "modules.php?name=gallery2")
       AND !stristr($nsnst_const['query_string'], "modules.php?name=MS_TopSites") )
  // END gallery2 / MS Topsites protection
  OR ( stristr($nsnst_const['query_string'], "cmd=") AND !stristr($nsnst_const['query_string'], "&cmd") )
  OR ( stristr($nsnst_const['query_string'], "exec") AND !stristr($nsnst_const['query_string'], "execu") )
  OR ( stristr($nsnst_const['query_string'], "concat") AND !stristr($nsnst_const['query_string'], "../") ) ) {
    block_ip($blocker_row);
  }


Is it OK to just keep adding modules as they are needed?

_________________
Vivere disce, cogita mori
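An added example, not NukeSentinel's or the poster's own code, that restructures the check above as a function with the module exclusions collected in one allow-list, so the MS_TopSites report link passes while a foreign URL elsewhere still blocks. The module list, the function names and the two sample query strings are assumptions (the real link is hidden on the board).

```php
<?php
// Added example, not NukeSentinel's own code: the "Check for XSS attack" block
// rewritten so the per-module exclusions live in one allow-list. Chaining one
// "http:// AND NOT module" clause per module with OR only passes a request
// that names every listed module at once, so MS_TopSites still gets banned.

// Modules whose query string legitimately carries a full URL. Hypothetical
// list; the two names are the ones discussed in the thread.
$url_modules = array('gallery2', 'MS_TopSites');

// True when the query string addresses one of the allow-listed modules.
function query_names_module($query_string, $modules)
{
    foreach ($modules as $m) {
        if (stristr($query_string, 'modules.php?name=' . $m) !== false) {
            return true;
        }
    }
    return false;
}

// True when the request should be handed to block_ip(). The clauses mirror
// the original block: http:// in name/file/libpath, http:// in the query
// string outside an allow-listed module, "cmd=" not written as "&cmd",
// "exec" that is not part of "execu", and "concat" without "../".
function is_abuse_request($name, $file, $libpath, $qs, $url_modules)
{
    $has_foreign_url = stristr($qs, 'http://') !== false
        && !query_names_module($qs, $url_modules);
    return stristr($name, 'http://') !== false
        || stristr($file, 'http://') !== false
        || stristr($libpath, 'http://') !== false
        || $has_foreign_url
        || (stristr($qs, 'cmd=') !== false && stristr($qs, '&cmd') === false)
        || (stristr($qs, 'exec') !== false && stristr($qs, 'execu') === false)
        || (stristr($qs, 'concat') !== false && stristr($qs, '../') === false);
}

// Constructed sample query strings: the report link from the ban email (the
// exact path is hidden on the board, so this one is assumed) and a request
// carrying a foreign URL in file= that must still be blocked.
$samples = array(
    'MS_TopSites report link' => 'modules.php?name=MS_TopSites&op=report&surl=http://www.website.com',
    'URL in file= for News'   => 'modules.php?name=News&file=http://example.com/x',
);
foreach ($samples as $label => $qs) {
    $blocked = is_abuse_request('', '', '', $qs, $url_modules);
    echo $label . ': ' . ($blocked ? 'blocked' : 'allowed') . "\n";
}
```

Adding a module is then one more entry in `$url_modules` rather than another OR clause.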
kguske (Site Admin, joined Jun 04, 2004, 6432 posts)
Posted: Sun Jul 16, 2006 6:17 pm

Looks like it's trying VERY hard to prevent more than just XSS. I guess you can keep adding...

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
evaders99 (Former Moderator in Good Standing, joined Apr 30, 2004, 3221 posts)
Posted: Sun Jul 16, 2006 11:17 pm

Now does MS_Topsites need to be passing the full URL at all? It would be best to rewrite it if possible using ID numbers

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
kguske
Posted: Mon Jul 17, 2006 4:54 am

To clarify, I think evaders99 means to change MS_Topsites.
 
hitwalker (Sells PC To Pay For Divorce, 5661 posts)
Posted: Mon Jul 17, 2006 5:45 am

lol....but [ Only registered users can see links on this board! Get registered or login! ] isn't a user..
that's a very annoying bot.
however the banning part does happen....last week a member got banned after rating a site...
 
nagahosting (Regular, joined Nov 03, 2007, 52 posts, location: Nagalim)
Posted: Fri Dec 28, 2007 7:53 pm

persona_non_grata wrote:
lol....but [ Only registered users can see links on this board! Get registered or login! ] isn't a user..
that's a very annoying bot.
however the banning part does happen....last week a member got banned after rating a site...



LOL I don't know whether it is a good bot or a bad bot...but I guess NukeSentinel doesn't like it. Getting banned emails every day.


Code:
Date & Time: 2007-12-28 08:40:06 CST GMT -0600
Blocked IP: 125.232.93.24
User ID: Visitor (1)
Reason: Abuse-Script
--------------------
User Agent: MJ12bot/v1.0.8 (http://majestic12.co.uk/bot.php?+)
Query String: [ Only registered users can see links on this board! Get registered or login! ]
Get String: [ Only registered users can see links on this board! Get registered or login! ]
Post String: mywebsite.com/modules.php
Forwarded For: none
Client IP: none
Remote Address: 125.232.93.24
Remote Port: 3853
Request Method: GET
--------------------
Who-Is for IP

_________________
Blessed Is He Who Comes In The Name Of The Lord 
evaders99
Posted: Sat Dec 29, 2007 2:49 am

That is because you are using parentheses in the video name. Just remove those parentheses.

This also happens on the Downloads module
 
nagahosting
Posted: Sun Dec 30, 2007 6:19 am

Oh thank you so much evaders99 :) I will check that out :)
 