|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 69
Members: 0
Total: 69
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
secure nuke_authors |
|
Posted: Fri May 21, 2004 10:04 pm |
|
|
Spacebom |
Regular user |
|
|
Joined: May 20, 2004 |
Posts: 6 |
Location: Valladolid - Spain |
|
|
|
|
|
|
Hi guys:
Almost all of PHP-Nuke atacks try to get nuke_authors information, and i think that writte this code in mainfile.php is nice:
Code: |
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')|| stristr($_SERVER["QUERY_STRING"],'%20nuke_authors%20')) {
echo "<center>Parametros no permitidos<br><a href=\"http://www.desarrollonuke.org\">DesarrolloNuke</a></center>";
exit;
} |
Do you think that it's good?
Good night. |
|
|
|
|
Posted: Sat May 22, 2004 2:00 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
This can be evaded by "/**/union/**/" and "/**/nuke_authors/**/"
And sql injection can be done through POST or COOKIE array, so this security trap only helps against the simplest of attacks. |
|
|
|
|
|
hrmm |
|
Posted: Sat May 22, 2004 2:02 am |
|
|
icenix |
Advanced user |
|
|
Joined: May 13, 2004 |
Posts: 106 |
Location: Australia |
|
|
|
|
|
|
waraxe could do answer it better than me but i would say
that it would still be possible to use something like
to get past your filter...sure enough it could block a few attacks |
|
|
|
|
Posted: Sat May 22, 2004 3:01 pm |
|
|
Spacebom |
Regular user |
|
|
Joined: May 20, 2004 |
Posts: 6 |
Location: Valladolid - Spain |
|
|
|
|
|
|
hmmm, yeah, you have reason, thank u very much- |
|
|
|
|
|
|
|
|
Posted: Mon May 31, 2004 5:10 am |
|
|
b0ilz |
Regular user |
|
|
Joined: May 31, 2004 |
Posts: 10 |
|
|
|
|
|
|
|
/**/UN/**/ION will only work with some databases to evade this. mySQL treats /**/ as a field seporator. So this will not work.
as for the check. it is flawed as waraxe stated. Also, checking for such things is ok. but what if the query_string is manipulated? like how php will do url decoding on the query string when it assigns $_request ($_GET, $_POST, $_COOKIES) or when doing register_globals assignments. Also other string manipulation later might change something in the query_string.
checking for union and nuke_authors is a bad idea. it will deny many false positives if you check for it in POST data, and it will not do any good if you dont check in POST data.
Forget CMS, do html yourself just a suggestion. |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|