Nuke Cops :: View topic - Getting banned for sql injections
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Tue Jul 27, 2004 4:18 am
This has happened to me and one of my admins. Both of us were posting in the forum; he was using the
Code:
[code][/code]
tag and I was using bold.
Why is this happening?

I want Admin Secure to protect against SQL injections, but it should not be banning users for using bbcode in a forum post.
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Tue Jul 27, 2004 4:27 am
Furthermore, I went to the SQL and emptied the xxx_ban_system table so I could get back on my site. I went back to my browser (it was still open) and attempted to submit the exact same post (no modifications made), and it let me!!! Why would it see the post as an SQL injection one time and fine the second? Something is not right here.

FuZZyLoGic
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Tue Jul 27, 2004 4:28 am
A further thought: this just started once I installed this new bbcode box addon mod. Maybe it's related? Like I said, it doesn't happen 100% of the time, but it's a thought.
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Tue Jul 27, 2004 4:35 am
hehe, and just in case, here is what it logged:

27-Jul-2004 05:12:43 xx.xxx.xxx.xxx SQL Injection Attempt /modules.php helpbox
madman
Support Mod
Joined: Feb 15, 2004
Posts: 806

Posted: Tue Jul 27, 2004 10:04 am
Try to upgrade to v1.7. If the problem persists, I want to know whether your forum module name is something other than "Forums".

FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Tue Jul 27, 2004 11:04 am
Yes, I am using 1.7. I will try to find out for ya; somebody just got banned again. I have been adding people left and right to the exempt list, which really does not fix the problem. It seems unpredictable at best, but I know it's bbcode while making a post in the forum that is triggering it. I have the bbcode box addon from here:

Code:
http://www.codezwiz.com/download-file-180.html#dl


It was after installing that that this started happening. Once it was from the code command, once from using bold, and this last time the member was trying to use the separator line.


If you installed that addon, you may be able to reproduce the problem?

FuZZyLoGic
madman
Support Mod
Joined: Feb 15, 2004
Posts: 806

Posted: Tue Jul 27, 2004 12:38 pm
Thanks for the report.
This is a temporary quick solution for you. Open the "includes/asfunc.php" file and find this line:
Code:
if(eregi('\.(gif|jpg|jpeg|png|tga|bmp|xbm)$',$imgurl)){continue;}

After it, add:
Code:
if(!eregi('\.[a-zA-Z]{1,4}$',$imgurl)){continue;}


If this still doesn't work, please let me know.

However, I'm still curious, since this is not the "SQL Injection" method as you mentioned before. Admin Secure should have reported this as "Illegal HTML Tags" usage.

FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Wed Jul 28, 2004 1:06 am
Thanks madman, I will try your fix, but I agree the HTML tags error would make much more sense. Hmm, btw another user just got banned for editing a post, lol. I will install this fix though and see if it solves the problem. Btw, I am using Nuke 7.3 and phpBB 2.0.10.

FuZZy
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Wed Jul 28, 2004 1:40 am
haha, k, that didn't take long; the fix didn't work, it seems. The user was replying to a thread with plain text and one smiley and was banned for SQL injections again.

The link looked like so:

Code:
http://www.xxxxx.net/modules.php?name=Forums&file=posting&mode=reply&t=295

The error was this:

28-Jul-2004 02:33:43 xx.xxx.xxx.xxx SQL Injection Attempt /modules.php helpbox

I am going to PM you my site URL and logon for an account so you can try it first hand. I will include my email as well as the email of another trusted admin that can also lift bans.

thanks for your time
FuZZyLoGic
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Wed Jul 28, 2004 5:39 am
Also, I noticed that though I was excluding IPs, I was not seeing a record in the interface for the people I had excluded, so I checked the table. The exclude_system table is empty; is that where it should be storing this data?
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Wed Jul 28, 2004 6:28 am
S**t, I guess it's banning members for attempting to submit news as well. I can't nail down what is causing this, but it's claiming it's an SQL injection.
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Wed Jul 28, 2004 7:37 am
OK, it's not an issue with that mod or bbcode or even the news post. Apparently you are looking for certain keywords in ur script; combinations of update and set will ban you!!!

For example i can submit a story or a forum post containing:
update blah blah set

and I will be banned for SQL injection. This certainly should not happen, especially since table names can't even have spaces. I am going to disable this feature until you figure out some sort of a fix.

FuZZyLoGic
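As an added illustration (not code from Admin Secure, from PHP-Nuke, or from anyone in this thread), assuming the "deep scanning" check behaves like the UPDATE ... SET keyword pair FuZZyLoGic describes: the same constructed posts are run through that heuristic and through a parameterized SQLite insert, showing that the harmless post is flagged while every input, injection-shaped or not, is stored inertly by the query layer.

```python
import re
import sqlite3

# Constructed sample inputs (not taken from the thread's logs): the harmless
# text the poster says got him banned, a plain reply, and an injection-shaped
# string for comparison.
SAMPLES = {
    "harmless_post": "update blah blah set",
    "plain_reply": "thanks for your time",
    "injection_like": "x'; UPDATE bbposts SET post_text='pwned'; -- ",
}

# Keyword-pair check in the spirit of the 'deep scanning' behaviour the poster
# describes. Illustrative reimplementation only, not Admin Secure's actual code.
UPDATE_SET = re.compile(r"\bupdate\b.*\bset\b", re.IGNORECASE | re.DOTALL)

def deep_scan(text: str) -> bool:
    """True when the keyword heuristic would flag (and ban) the author of this text."""
    return UPDATE_SET.search(text) is not None

def store_post(conn: sqlite3.Connection, post_text: str) -> str:
    """Insert a post using a bound parameter and return what was actually stored."""
    cur = conn.execute("INSERT INTO bbposts(post_text) VALUES (?)", (post_text,))
    row = conn.execute("SELECT post_text FROM bbposts WHERE rowid = ?",
                       (cur.lastrowid,)).fetchone()
    return row[0]

def demo() -> dict:
    """Run every sample through the keyword scan and through a parameterized insert."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bbposts(post_text TEXT)")
    results = {}
    for label, text in SAMPLES.items():
        results[label] = {
            "flagged": deep_scan(text),
            "stored_verbatim": store_post(conn, text) == text,
        }
    # If any parameter had executed as SQL, a row would now read 'pwned' or be missing.
    results["rows"] = conn.execute("SELECT COUNT(*) FROM bbposts").fetchone()[0]
    results["tampered"] = conn.execute(
        "SELECT COUNT(*) FROM bbposts WHERE post_text = 'pwned'").fetchone()[0]
    conn.close()
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The keyword scan cannot tell the forum post from the injection-shaped string, while the bound parameter makes both equally harmless to the database, which is why free-text keyword matching mainly produces bans like the ones reported here rather than protection.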
FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11

Posted: Wed Jul 28, 2004 7:47 am
OK madman, an update: this only happens if the deepscanning feature is on; if you have deepscanning disabled, everything works fine!! I see that you warned it can trigger false alarms, but wow, that's a little extreme.

OK, well, thanks for your help. I would still like a reply on why my exclusion table does not update when I submit an IP; it goes through the motions but does not actually add it to the db.

Thanks,
FuZZyLoGic
Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com