FuZZyLoGic
Nuke Soldier
Joined: Jul 16, 2004
Posts: 11
Posted: Tue Jul 27, 2004 4:18 am

This has happened to me and one of my admins. Both of us were posting in the forum; he was using the and I was using bold.
Why is this happening?
I want Admin Secure to protect against SQL injections, but it should not be banning users for using BBCode in a forum post.

FuZZyLoGic
Nuke Soldier
Posted: Tue Jul 27, 2004 4:27 am

Furthermore, I went to the SQL and emptied the xxx_ban_system table so I could get back on my site. Went back to my browser (it was still open) and attempted to submit the exact same post (no modifications made) and it let me!!! Why would it see the post as an SQL injection one time and fine the second? Something is not right here.
FuZZyLoGic

FuZZyLoGic
Nuke Soldier
Posted: Tue Jul 27, 2004 4:28 am

A further thought: this just started once I installed this new BBCode box addon mod. Maybe it's related? Like I said, it doesn't happen 100% of the time, but it's a thought.

FuZZyLoGic
Nuke Soldier
Posted: Tue Jul 27, 2004 4:35 am

Hehe, and just in case, here is what it logged:
27-Jul-2004 05:12:43 xx.xxx.xxx.xxx SQL Injection Attempt /modules.php helpbox

madman
Support Mod
Joined: Feb 15, 2004
Posts: 806
Posted: Tue Jul 27, 2004 10:04 am

Try to upgrade to v1.7. If the problem persists, I want to know whether your forum module name is something other than "Forums".

FuZZyLoGic
Nuke Soldier
Posted: Tue Jul 27, 2004 11:04 am

Yes, I am using 1.7. I will try to find out for ya; somebody just got banned again. I have been adding people left and right to the exempt list, which really does not fix the problem. It seems unpredictable at best, but I know it's BBCode while making a post in the forum that is triggering it. I have the BBCode box addon from here:
Code:
http://www.codezwiz.com/download-file-180.html#dl
It was after installing that that this started happening. Once it was from the code command, once from using bold, and this last time the member was trying to use the separator line.
If you installed that addon, you may be able to reproduce the problem..
??
FuZZyLoGic

madman
Support Mod
Posted: Tue Jul 27, 2004 12:38 pm

Thanks for the report.
This is a temporary quick solution for you. Open the "includes/asfunc.php" file and find this line:
Code:
if(eregi('\.(gif|jpg|jpeg|png|tga|bmp|xbm)$',$imgurl)){continue;}
After it, add:
Code:
if(!eregi('\.[a-zA-Z]{1,4}$',$imgurl)){continue;}
If this still doesn't work, please let me know.
However, I'm still curious, since this is not an "SQL Injection" method as you mentioned before. Admin Secure should have reported this as "Illegal HTML Tags" usage.

FuZZyLoGic
Nuke Soldier
Posted: Wed Jul 28, 2004 1:06 am

Thanks madman, I will try your fix, but I agree the HTML tags error would make much more sense. Hmm, btw another user just got banned for editing a post lol. I will install this fix though and see if it solves the problem. Btw I am using Nuke 7.3 and phpBB 2.0.10.
FuZZy

FuZZyLoGic
Nuke Soldier
Posted: Wed Jul 28, 2004 1:40 am

Haha, ok that didn't take long; the fix didn't work it seems. The user was replying to a thread with plain text and one smiley and was banned for SQL injections again.
The link looked like so:
Code:
http://www.xxxxx.net/modules.php?name=Forums&file=posting&mode=reply&t=295
The error was this:
28-Jul-2004 02:33:43 xx.xxx.xxx.xxx SQL Injection Attempt /modules.php helpbox
I am going to PM you my site URL and logon for an account so you can try it first hand. I will include my email as well as the email of another trusted admin who can also lift bans.
Thanks for your time,
FuZZyLoGic

FuZZyLoGic
Nuke Soldier
Posted: Wed Jul 28, 2004 5:39 am

Also, I noticed that though I was excluding IPs, I was not seeing a record in the interface of the people I had excluded, so I checked the table.... The exlude_system table is empty; is that where it should be storing this data?

FuZZyLoGic
Nuke Soldier
Posted: Wed Jul 28, 2004 6:28 am

S**t, I guess it's banning members for attempting to submit news as well. I can't nail down what is causing this, but it's claiming it's an SQL injection.

FuZZyLoGic
Nuke Soldier
Posted: Wed Jul 28, 2004 7:37 am

Ok, it's not an issue with that mod or BBCode or even the news post. Apparently you are looking for certain key words in your script; combinations of update and set will ban you!!!
For example, I can submit a story or a forum post containing:
update blah blah set
and I will be banned for SQL injection. This certainly should not happen, especially since table names can't even have spaces. I am going to disable this feature until you figure out some sort of a fix.
FuZZyLoGic

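Added example (not code from this thread or from Admin Secure), written in Python rather than the module's PHP: a keyword heuristic of the kind the post above describes, run over constructed sample posts to show which harmless text it flags, next to a parameterised insert that stores the same text with no effect on the database, which is the control that actually prevents SQL injection.

```python
import re
import sqlite3

# Naive keyword heuristic approximating the "deep scan" behaviour described in the
# thread: any post containing UPDATE followed later by SET is treated as an attack.
KEYWORD_PATTERN = re.compile(r"\bupdate\b.*\bset\b", re.IGNORECASE | re.DOTALL)

# Constructed sample posts (not taken from the original thread).
SAMPLE_POSTS = {
    "forum_reply": "I will update my profile tonight and set a new avatar.",
    "news_item": "The update blah blah set example comes straight from the thread.",
    "innocent": "Just a plain reply with one smiley :)",
}


def keyword_scan_flags(text: str) -> bool:
    """True when the keyword heuristic would ban the poster."""
    return KEYWORD_PATTERN.search(text) is not None


def false_positives(posts: dict) -> list:
    """Names of the (entirely benign) posts the heuristic would flag."""
    return sorted(name for name, body in posts.items() if keyword_scan_flags(body))


def store_posts_parameterised(posts: dict) -> dict:
    """Store every post with a bound parameter so the body is data, never SQL.

    Returns {name: stored_body} read back from the database. The SQL keywords in
    the text change nothing, because user input never becomes part of the
    statement text; that is the mitigation, not keyword policing of posts.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (name TEXT PRIMARY KEY, body TEXT NOT NULL)")
    for name, body in posts.items():
        conn.execute("INSERT INTO posts (name, body) VALUES (?, ?)", (name, body))
    stored = {name: body for name, body in conn.execute("SELECT name, body FROM posts")}
    conn.close()
    return stored


if __name__ == "__main__":
    print("flagged by keyword scan:", false_positives(SAMPLE_POSTS))
    print("stored unchanged:", store_posts_parameterised(SAMPLE_POSTS) == SAMPLE_POSTS)
```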
FuZZyLoGic
Nuke Soldier
Posted: Wed Jul 28, 2004 7:47 am

Ok madman, an update: this only happens if the deep scanning feature is on; if you have deep scanning disabled, everything works fine!! I see that you warned it can trigger false alarms, but wow, that's a little extreme.
Ok, well, thanks for your help. I would still like a reply on why my exclusion table does not update when I submit an IP; it goes through the motions but does not actually add it to the db.
Thanks,
FuZZyLoGic