Union Tap - Beta 2 - Stop UNION Injections

In an earlier press release, I had issued a first Beta fix to fight back Union SQL Injections in Plain Text and Base64 encoding. As mentioned for the initial Beta, false positives were expected. Thanks to you folks, Beta 2 is now available for testing. It eliminates many of those false positives. For those daring to test it, I await your replies.
To install it, open mainfile.php and after the first line: <?php please install the following code, or replace the initial Beta with this version of Beta 2 (now coined 'Union Tap'):

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 2 Code to prevent UNION SQL Injections delivered in Plaintext or Base64.
if (preg_match("/([dW5pb24VUJT0uniNIO]{5})/", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
    //Escape the query string before echoing it so the block page cannot reflect markup taken from the URL.
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$matches[1]' INSIDE '" . htmlspecialchars($loc) . "'.");
}
Posted on Saturday, April 24 @ 09:24:24 CEST by Zhen-Xjell |
Average Score: 2.33 Votes: 9
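
Why the Beta 2 pattern fires on the session IDs and activation links reported in the comments on this page, with a narrower keyword check beside it for comparison. This is an added example, not part of Union Tap or the original post; `beta2_match` and `contains_union` are hypothetical names, and the last two sample query strings are constructed.

```php
<?php
// Added example (not Union Tap). Function names are hypothetical.

// Beta 2 pattern as posted. [...] is a character class, so any five
// consecutive characters from the set match, in any order.
const BETA2_PATTERN = '/([dW5pb24VUJT0uniNIO]{5})/';

function beta2_match(string $qs): ?string
{
    return preg_match(BETA2_PATTERN, rawurldecode($qs), $m) ? $m[1] : null;
}

// Narrower check: the keyword itself, either in the decoded query string
// or inside a parameter value that is valid Base64. It still matches
// ordinary words that contain it, such as "reunion".
function contains_union(string $qs): bool
{
    if (preg_match('/union/i', rawurldecode($qs))) {
        return true;
    }
    foreach (explode('&', $qs) as $pair) {
        $parts = explode('=', $pair, 2);
        $value = rawurldecode($parts[1] ?? '');
        $plain = base64_decode($value, true);   // strict: false if not Base64
        if ($plain !== false && preg_match('/union/i', $plain)) {
            return true;
        }
    }
    return false;
}

// The first two query strings are quoted in the comments on this page;
// the last two are constructed for the demonstration.
$samples = [
    'pane=left&sid=c1d97e5ac422d72c2fe8241e60ad45b5',
    'name=Your_Account&op=activate&username=USERNAME&check_num=160c58a5b5524c8346a74911a57defa9',
    'name=News&sid=1%20UNION%20SELECT%201',
    'name=News&sid=' . base64_encode('UNION SELECT 1'),
];

// Columns: Beta 2 verdict, narrower verdict, query string.
foreach ($samples as $qs) {
    printf("%-7s %-7s %s\n",
        beta2_match($qs) === null ? 'pass' : 'BLOCK',
        contains_union($qs) ? 'BLOCK' : 'pass',
        $qs);
}
```

Both checks block the two injection samples; only the Beta 2 pattern also blocks the forum session ID and the account activation link, because hex strings such as `d45b5` are made entirely of characters in its set.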

Union Tap Beta 2 and raven's hackattempt (Score: 1) by akis on Saturday, April 24 @ 10:15:23 CEST
Hi,
ZX's union tap beta 1 code could be included in raven's hackalert code.
Can ZX's union tap beta 2 code be included in raven's hackalert code?
Thanks

Re: Union Tap Beta 2 and raven's hackattempt (Score: 1) by Zhen-Xjell (http://castlecops.com) on Saturday, April 24 @ 10:20:43 CEST
Sure I see why Union Tap cannot serve as the entry point to hackalert. It serves as the leading indicator if such a code needs to be called.
Sting actually talks about that here and how to integrate hackalert into Union Tap:
http://nukecops.com/postp120356.html#120356
I'm sure Raven will integrate hackalert with Union Tap for the benefit of the community.

Re: Union Tap Beta 2 and raven's hackattempt (Score: 1) by akis on Saturday, April 24 @ 10:34:20 CEST
zx, I don't know if you are not "ok" with raven or else, it is not my case this.
In the forum post, sting combines hackalert with union tap beta 1 code. I can see that beta 2 code is different than 1.
I am not a PHP coder, I know very little about it.
I am just wondering if union tap beta 2 code can be included in hackalert code (as sting told for beta 1) and how.
Thanks :)

Re: Union Tap Beta 2 and raven's hackattempt (Score: 1) by inkydink1234 on Saturday, April 24 @ 11:03:00 CEST
So let me see if I understand correctly. In your previous article you slam Raven's script with this comment:
"This is not valid, and actually Raven's script is breaking your users from using your site with per session cookies. That REQUEST_URI *IS VALID*. Its how phpBB works. I suggest you advise Raven to fix his code otherwise your users are unable to utilize per session only cookies."
And now you are saying it was not Raven's script?
If that is truly the case, don't you feel an obligation to retract your earlier statement? And just for curiosity, why do you feel that he should include anything of yours in his script? Geez, it is so hard to follow your line of reasoning.

Re: Union Tap Beta 2 and raven's hackattempt (Score: 1) by Zhen-Xjell (http://castlecops.com) on Saturday, April 24 @ 18:44:46 CEST
Reread my reply in that original article, Raven's code per the information supplied by the user shows it to be invalid. I never cared to look at Raven's hackalert file. If Raven would like my assistance, he knows my cellphone number as he's called me often times in the past.

Re: Union Tap Beta 2 and raven's hackattempt (Score: 1) by inkydink1234 on Sunday, April 25 @ 10:42:43 CEST
:lol: - right. You never cared to look at his script but yet you have the divine power to determine that it is flawed based upon a post. Continuing to be unbelievable, as always. Raven seems to remember your phone conversations a little differently and more credibly.

Re: Union Tap Beta 2 and raven's hackattempt (Score: 1) by Zhen-Xjell (http://castlecops.com) on Sunday, April 25 @ 13:58:10 CEST
Well inkydink, go join the band. For all those who say they aren't coming here, the latest information seems to keep making its rounds. Do me a favor, and either stay or leave.

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by DivideByZero (http://www.ForwardObserver.us) on Saturday, April 24 @ 11:08:28 CEST
A user trying to activate his account on my site says that he got the alert after I installed the new code.
This is the modified URL: http://www.website.com/modules.php?name=Your_Account&op=activate&username=USERNAME&check_num=160c58a5b5524c8346a74911a57defa9

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by Zhen-Xjell (http://castlecops.com) on Saturday, April 24 @ 18:45:36 CEST
Ahh, checknum.. thanks for the heads up. That'll be useful for beta 3.

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by foxyfemfem on Saturday, April 24 @ 12:06:01 CEST
Hello ZX,
The first beta 1 code would not allow me to access my forum admin and this one, beta 2, will not allow me to access my forum admin.
This is the message that I receive whenever I try to access the forum admin section....
(left frame) YOU ARE SLAPPED BY NUKECOPS BY USING 'd45b5' INSIDE 'pane=left&sid=c1d97e5ac422d72c2fe8241e60ad45b5'
(right frame) YOU ARE SLAPPED BY NUKECOPS BY USING 'd45b5' INSIDE 'pane=right&sid=c1d97e5ac422d72c2fe8241e60ad45b5'.
I think the beta 1 & 2 are rejecting the SID that is inside the modules/Forums/admin/index.php file

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by Zhen-Xjell (http://castlecops.com) on Saturday, April 24 @ 18:46:42 CEST
Ok, this will help for beta 3 then. I'll use that in my testing. Thanks

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by Brujo on Sunday, April 25 @ 11:03:04 CEST
cool... 3 lines of credits for a beta code, what do we have to expect if it's not more beta?
got you not enough credits in the last time? maybe it's because nukecops shows his true face in the last weeks when it was not reachable for the community...

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by Zhen-Xjell (http://castlecops.com) on Sunday, April 25 @ 13:56:50 CEST
I'm paying money for this stuff, much more than you'd care to do so personally. If you think NC gave up on the community, then leave. You're not welcome.

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by wgwara on Sunday, April 25 @ 15:36:04 CEST
A new user sometimes can't activate his account when this Beta 2 check is active. The URL which is being stopped is http://my_site/modules.php?name=Your_Account&op=activate&username=wiciu&check_num=4272e86ca1344ec053496584e722420c

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by inkydink1234 on Sunday, April 25 @ 16:49:09 CEST
Didn't you brag very early on that your one line script does what NONE of the others do? It seems that's true. It breaks things. Maybe it's YOU who should seek assistance from others :lol:

Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1) by robertr994 on Sunday, April 25 @ 18:18:43 CEST
the hack seems to work but I keep getting slapped when I try to view the forum on my site. will try beta 3 when it comes out