| Author |
Message |
genoxide
Sergeant


Joined: Jun 19, 2003
Posts: 80
|
Posted:
Thu Apr 29, 2004 11:27 am |
  |
I've re-installed this addon but still the same.. |
_________________
 |
|
    |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 11:46 am |
  |
I already had the code. Sorry, don't want to sound like a dummy, but that was the first thing I tried.
Since it's not just one person having the problem, I'm willing to e-mail my mainfile.php to someone at this site for checking. Maybe the problem is easily visible once the file is seen. If this is an option please let me know ... |
|
|
    |
 |
IACOJ
Major


Joined: Jan 15, 2003
Posts: 1269
Location: USA
|
Posted:
Thu Apr 29, 2004 11:59 am |
  |
Hi, can you please upload it into your upload folder as a txt file? Also please upload fortress as a txt file. Let me know it's there, we'll check it straight away. |
_________________ http://castlecops.com
Microsoft MVP Windows-Security 2005 |
|
   |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 12:11 pm |
  |
Done. It's uploaded. I also added readme.txt with some additional comments.
Thanks for your help. |
|
|
    |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 12:22 pm |
  |
|
   |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 12:46 pm |
  |
Well, I've got to get off work. Sorry if I will not be able to verify/test anything you come up with until possibly tomorrow.
My only request (if it's even necessary) - any site specific info from my files not to be posted in topic. Too many willing people that read these forums ...
Thanks. |
|
|
    |
 |
zanis
Lieutenant


Joined: Aug 21, 2003
Posts: 213
|
Posted:
Thu Apr 29, 2004 1:59 pm |
  |
Hi all,
Please note that you need to add this line in the UNION TAP code that you CUT and PASTE into your mainfile as mentioned in this thread.
Could someone please tell the authors of fortress that they need to add this?
| Code: |
| $loc=rawurldecode($_SERVER["QUERY_STRING"]); |
Cheers
Zanis |
|
|
   |
 |
rasputin
Sergeant


Joined: May 30, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 2:03 pm |
  |
| zanis wrote: |
Hi all,
Please note that you need to add this line in the UNION TAP code that you CUT and PASTE into your mainfile as mentioned in this thread.
Could someone please tell the authors of fortress that they need to add this?
| Code: |
| $loc=rawurldecode($_SERVER["QUERY_STRING"]); |
Cheers
Zanis |
Could you paste the full code here ... not sure where it goes ...
Thanks |
|
|
    |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 2:19 pm |
  |
This is from Fortress.php from line 121.
| Code: |
$loc=rawurldecode($_SERVER["QUERY_STRING"]);
$server=$_SERVER["SERVER_NAME"];
$rawloc=$_SERVER["QUERY_STRING"];
//here I'd say
$loc=rawurldecode($_SERVER["QUERY_STRING"]);
//
$addr=$_SERVER["REMOTE_ADDR"];
$refer=$_SERVER["HTTP_REFERER"];
$agents=$_SERVER["HTTP_USER_AGENT"];
$cookiess=explode(":", base64_decode($_COOKIE["user"]));
$authorss=explode(":", base64_decode($_COOKIE["admin"]));
$rawuri=$_SERVER["REQUEST_URI"];
$uri=rawurldecode($_SERVER["REQUEST_URI"]);
$port=$_SERVER["REMOTE_PORT"];
$host=$_SERVER["REMOTE_HOST"];
|
checking now |
|
|
   |
 |
scandicdiscopub
Sergeant


Joined: Oct 20, 2003
Posts: 88
|
Posted:
Thu Apr 29, 2004 2:21 pm |
  |
|
   |
 |
Imagination
Sergeant


Joined: Oct 19, 2003
Posts: 132
|
Posted:
Thu Apr 29, 2004 3:09 pm |
  |
Hmm, I have the same problem too,
but I did notice one of the other posts saying they use protector. I also have this installed, all latest patches blah blah blah, and it's def inserted correctly ...
Could it perhaps be a clash with protector somewhere down the line? |
|
|
   |
 |
foxyfemfem
Support Staff


Joined: Jan 23, 2003
Posts: 668
Location: USA
|
Posted:
Thu Apr 29, 2004 5:09 pm |
  |
|
   |
 |
zanis
Lieutenant


Joined: Aug 21, 2003
Posts: 213
|
Posted:
Thu Apr 29, 2004 6:23 pm |
  |
Hi all,
foxyfemfem I have also been affected by the use of common variable names in the fortress code. Could we please get the author to change the local vars so they do not affect the rest of nuke?
Cheers
Zanis
P.s - I suppose this is the reason why some people do not like globals! |
|
|
   |
 |
foxyfemfem
Support Staff


Joined: Jan 23, 2003
Posts: 668
Location: USA
|
Posted:
Thu Apr 29, 2004 6:43 pm |
  |
Hello,
What version of nuke are you using? I'm using 7.2 and everything works perfectly with the common variables. The only problem I had was the $subject and I commented it out, therefore I can post stories with the right "subject" title. According to my website everything else is A-Ok |
_________________ If you shoot for the moon and miss, you'll still be amongst the stars. |
|
   |
 |
Dunderklumpen
Corporal


Joined: Apr 25, 2003
Posts: 53
Location: Sweden
|
Posted:
Thu Apr 29, 2004 11:02 pm |
  |
I can confirm that. The subject is still being changed.
The previous code however does work - at least it does not interfere with PhpNuke. This is the code:
//Union Tap Code (UTC)
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 4 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
$loc=rawurldecode($_SERVER["QUERY_STRING"]);
//This if block catches C-like comment code within all SQL Injections, not just Union.
//White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
if (strstr($loc,"*")) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$loc'.");
}
//This catches plaintext and base64 version of the Union SQL Injection code.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$matches[1]' INSIDE '$loc'.");
}
Removing the new code and replacing it with this one restores functionality. However I can not be the judge of how good it is or how good the protection is, but it is the previous version. Using 6.0 myself. |
|
|
       |
 |
|
|
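The two Beta 4 checks quoted in the last post, wrapped in a function so that `$loc` and `$matches` stay local (the variable clash zanis describes) and run with and without the `rawurldecode` line over a few query strings. This is an added example, not NukeCops or Fortress code; the function name `union_tap_verdict`, the sample query strings and the use of PHP 7.1+ are assumptions.

```php
<?php
// Added example, not NukeCops or Fortress code. Assumes PHP 7.1+.
// union_tap_verdict() is a hypothetical name; both checks are the Beta 4 ones.
function union_tap_verdict(string $query, bool $decode = true): ?string
{
    // Function scope keeps $loc and $matches out of nuke's global variables.
    $loc = $decode ? rawurldecode($query) : $query;

    // Check 1: C-like comment marker anywhere in the query string.
    if (strstr($loc, "*") !== false) {
        return "comment marker '*'";
    }
    // Check 2: five characters from the UNION class followed by a space.
    if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
        return "class match '" . $matches[1] . "'";
    }
    return null; // request passes the filter
}

// Constructed query strings for illustration; none come from the thread.
$samples = [
    "ordinary article view"     => "name=News&file=article&sid=12",
    "UNION with encoded spaces" => "name=News&sid=1%20UNION%20SELECT%201",
    "benign search term"        => "name=Search&query=onion%20soup",
    "benign arithmetic"         => "name=Search&query=2*3",
];

foreach ($samples as $label => $query) {
    $raw     = union_tap_verdict($query, false); // without the rawurldecode line
    $decoded = union_tap_verdict($query);        // with it, as zanis asks
    printf(
        "%-26s raw: %-22s decoded: %s\n",
        $label,
        $raw ?? "pass",
        $decoded ?? "pass"
    );
}
```

Without decoding, the `%20`-separated UNION request never contains the literal space the regex needs, so it passes. With decoding it is caught, and so is the benign search for "onion soup", because "onion" is built entirely from the regex's character class.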