| Author |
Message |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 4:40 am |
  |
I think we have a valid error here with posting news ...
I have a site with English/Russian content: http://www.russianeast.com.
I have noticed the same problem as anthonyaykut mentioned in comments to the latest Fortress article. Only I have seen it when posting Autonews. The title becomes Fortress Alarm @ sitename. Only commenting out UnionTap in mainfile.php allowed me to change the title name ... FYI: the title was in the Cyrillic alphabet, haven't had a chance to test with English ...
I do have REGISTER_GLOBALS On ... not sure if it makes any difference in this case ... I needed it for one of the modules.
I'm running Nuke6.9 with all the fixes.
Apache 2.0
PHP4.2.2
MySQL 3.23.58.
All applications are with latest patches. |
|
|
    |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 7:56 am |
  |
The problem still exists with the latest Fortress that was just released here ...
Anyone? |
|
|
    |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 8:11 am |
  |
|
   |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 8:24 am |
  |
Anyone?
I have Fortress and in mainfile.php this:
| Code: |
define('ZERO', true);
include('fortress.php');
if (strstr($loc,"*")) {
    $method = "CLIKE";
    AlertMail($method);
}
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    $method = "UNION";
    AlertMail($method);
}
//Union Tap Code (UTC)
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 4 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
$loc=rawurldecode($_SERVER["QUERY_STRING"]);
//This if block catches C-like comment code within all SQL Injections, not just Union.
//White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
if (strstr($loc,"*")) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$loc'.");
}
//This catches plaintext and base64 version of the Union SQL Injection code.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$matches[1]' INSIDE '$loc'.");
}
|
|
|
|
   |
 |
IACOJ
Major


Joined: Jan 15, 2003
Posts: 1269
Location: USA
|
Posted:
Thu Apr 29, 2004 8:28 am |
  |
|
   |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 8:40 am |
  |
|
   |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 9:46 am |
  |
IACOJ, I'm using files you specified. Problem still comes up ... |
|
|
    |
 |
IACOJ
Major


Joined: Jan 15, 2003
Posts: 1269
Location: USA
|
Posted:
Thu Apr 29, 2004 10:00 am |
  |
| scandicdiscopub wrote: |
UTC is only the code, no?
Well, I have both and without result... |
It appears to me you are using Beta 4 and Beta 4a code repeated instead of Beta 4b. You are missing "ReleaseVars()" function call.
If you have changed the code you're using since you last posted it and are still having the problem, please repost the code.
| rasputin wrote: |
| IACOJ, I'm using files you specified. Problem still comes up ... |
Those are the files we are using here on NC and we can't seem to duplicate your problem. Are you sure you are using both Beta 4b and Fortress 1.01 Beta? |
|
|
   |
 |
Adis
Nuke Cadet


Joined: Feb 15, 2003
Posts: 6
Location: USA
|
Posted:
Thu Apr 29, 2004 10:12 am |
  |
| Quote: |
| Those are the files we are using here on NC and we can't seem to duplicate your problem. Are you sure you are using both Beta 4b and Fortress 1.01 Beta? |
I'm using the new files and still getting the same problem. Now I can't even post a test article. When I click the "ok" button to post an article it does something like a preview and changes the title to Fortress Alarm @ sitename |
Last edited by Adis on Thu Apr 29, 2004 10:37 am; edited 1 time in total |
|
   |
 |
genoxide
Sergeant


Joined: Jun 19, 2003
Posts: 80
|
Posted:
Thu Apr 29, 2004 10:29 am |
  |
I'm having the same problem. I tried putting the tap before/after this addon but still the same. |
 |
|
    |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 10:34 am |
  |
Could you be so friendly to list the correct code here then, because I can't seem to find any newer code than I have implemented and still as a result no luck.
Thanks |
_________________ All we want is knowledge and if knowledge is power we should be considered dangerous.
http://www.nukeroyal.com|http://www.mexicomiamore.com| |
|
   |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 10:50 am |
  |
| Quote: |
Those are the files we are using here on NC and we can't seem to duplicate your problem. Are you sure you are using both Beta 4b and Fortress 1.01 Beta?
|
Not sure what is the problem but yes, I have double and triple checked code, file. Made sure that no empty spaces are before or after php opening and closing code. Everything looks right but it still doesn't work. I'm getting title modified every time when I uncomment NC code in mainfile.php ... |
|
|
    |
 |
Adis
Nuke Cadet


Joined: Feb 15, 2003
Posts: 6
Location: USA
|
Posted:
Thu Apr 29, 2004 11:05 am |
  |
I have Raven's hackallert script and Protector installed with patches.
| Code: |
//RAVEN HACKALLERT V2 placed in mainfile.php
$checkurl = preg_replace("#(/\*.*\*/)#", "", $_SERVER["QUERY_STRING"]); //Courtesy of http://www.esnider.net
// Raven http://ravenphpscripts.com
if (stristr($checkurl,'%20union%20')) {
    $loc = $_SERVER['QUERY_STRING'];
    header("Location: hackattempt.php?$loc");
    die();
}
//END RAVEN HACKALLART |
|
|
|
   |
 |
IACOJ
Major


Joined: Jan 15, 2003
Posts: 1269
Location: USA
|
Posted:
Thu Apr 29, 2004 11:18 am |
  |
If everyone would please open up fortress.php starting at line 54 you will see the following:
| Code: |
Union Tap Code:
The following code is called Union Tap Code. It is not part of the Fortress code,
but it is quoted here for easy access. To install it and call Fortress, open
mainfile.php and after the first line: "<?php" install the following code:
[----CUT----]
// Union Tap Code (UTC) - Fortress Integrated
// Copyright Zhen-Xjell 2004 http://nukecops.com
// Beta 4b Code to prevent UNION SQL Injections
// GNU GPL License 2
// The following catches C-like comment code within all SQL Injections, not just Union.
// White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
// Also caught are plaintext and base64 version of the Union SQL Injection code.
define('ZERO', true);
include('fortress.php');
if (strstr($loc,"*")) {
    $method = "CLIKE";
    AlertMail($method);
}
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    $method = "UNION";
    AlertMail($method);
}
ReleaseVars();
[----CUT----]
.end. */
|
Please note the ReleaseVars(). If you do not see that, please redownload the file; you have a previous beta release. The issue you are having is because ReleaseVars is NOT being called, therefore the variables are not being released and it is interfering with autonews.
Please read the commented out sections in the code. There are instructions and explanations in there. |
_________________ http://castlecops.com
Microsoft MVP Windows-Security 2005 |
|
   |
 |
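The two checks in the Beta 4b snippet above can be run over sample requests to see what they flag. This is an added example, not part of the thread and not Fortress or Union Tap code; `tap_check()` and the query strings are made up here for illustration.

```php
<?php
// Added example, not Fortress or Union Tap code: tap_check() is a
// hypothetical helper that applies the two checks quoted in this thread.

function tap_check(string $queryString): ?string
{
    // Same decoding step the posted code applies to QUERY_STRING.
    $loc = rawurldecode($queryString);

    // Check 1: any asterisk is treated as a C-like comment marker.
    if (strstr($loc, "*") !== false) {
        return "CLIKE";
    }
    // Check 2: five characters from the class, followed by one space.
    if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
        return "UNION (matched '" . $matches[1] . "')";
    }
    return null; // neither check fired
}

// Constructed query strings (not taken from any real log).
$samples = [
    "name=News&file=article&sid=42",
    "name=News&sid=1%20union%20select%201",
    "name=Search&query=London%20hotels",
    "name=Search&query=my%20opinion%20piece",
    "name=Search&query=order%2020045%20status",
    "name=Search&query=2*3",
];

foreach ($samples as $qs) {
    $verdict = tap_check($qs) ?? "pass";
    printf("%-45s => %s\n", $qs, $verdict);
}
```

The four Search samples are ordinary text, yet each trips a check: any five consecutive characters from the class followed by a space count as a hit, and any asterisk counts as a comment marker.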
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 11:25 am |
  |
You were right about not having the ReleaseVars function in it, but it still does not work after fixing this. |
_________________ All we want is knowledge and if knowledge is power we should be considered dangerous.
http://www.nukeroyal.com|http://www.mexicomiamore.com| |
|
   |
 |
|
|