Union Tap Code (UTC) Beta 4 Release

Continuing from our previous articles, this release takes Union Tap Code (UTC) to Beta 4. Beta 4 handles the technique reported by the Imperva Application Defense Center, which uses C-like comment code to mask any kind of SQL injection delivered via the URL, not just UNION; hence the name change from UT to UTC. And here it is...
//Union Tap Code (UTC)
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 4 Code to prevent UNION SQL Injections
//Start from a clean slate in case the including script already uses these names.
unset($matches);
unset($loc);
//Decode the raw query string (%xx sequences only; rawurldecode leaves '+' as-is).
$loc=rawurldecode($_SERVER["QUERY_STRING"]);
//This if block catches C-like comment code within all SQL Injections, not just Union.
//Any '*' anywhere in the decoded query string stops the request.
//White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
if (strstr($loc,"*")) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$loc'.");
}
//This catches plaintext and base64 version of the Union SQL Injection code.
//The character class is the letters of UNION/union plus the characters of their
//base64 encodings (VU5JT04= and dW5pb24=); five of them followed by a space is blocked.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$matches[1]' INSIDE '$loc'.");
}
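To show what the two checks above actually do, and where they misfire, here is an added Python re-implementation of them. It is not the project's PHP and not part of the original post; the query strings it runs over are constructed for the example. It also makes explicit what the character class in the regular expression is: the letters of UNION/union together with the characters of their base64 encodings VU5JT04= and dW5pb24=, so any five of those characters followed by a space is blocked, which is why an ordinary word such as "popup " can trip the check on a legitimate request.

```python
import base64
import re
from urllib.parse import unquote

# Python re-implementation of the two UTC Beta 4 checks (added example, not the
# original PHP): any '*' in the decoded query string, or any five characters
# from the class below followed by a space, blocks the request.
UNION_CLASS = "OdWo5NIbpuU4V2iJT0n"
UNION_RE = re.compile(r"([" + UNION_CLASS + r"]{5}) ")


def class_sources():
    """Return the characters the class is built from: the letters of
    UNION/union and the characters of their base64 encodings (without the
    '=' padding). Comparing the result with set(UNION_CLASS) shows that the
    two sets are identical, i.e. the class contains nothing else."""
    chars = set("UNION" + "union")
    for word in ("UNION", "union"):
        chars |= set(base64.b64encode(word.encode()).decode().rstrip("="))
    return chars


def check_query_string(raw_query):
    """Apply the UTC checks to a raw QUERY_STRING value.

    Returns (verdict, detail): verdict is "blocked" or "allowed"; for a block,
    detail names the check and the text that triggered it. unquote() decodes
    %xx sequences like PHP's rawurldecode and, like it, leaves '+' alone.
    """
    loc = unquote(raw_query)
    if "*" in loc:
        return ("blocked", "comment check: '*' in " + repr(loc))
    m = UNION_RE.search(loc)
    if m:
        return ("blocked", "union check: " + repr(m.group(1)) + " in " + repr(loc))
    return ("allowed", loc)


# Constructed sample query strings (not taken from the page), one per case.
SAMPLES = [
    "name=coppermine&file=displayimage&pid=824",  # ordinary module request: allowed
    "id=1%20UNION%20SELECT%201",                  # plaintext UNION: stopped by the regex
    "id=1/*",                                     # C-like comment: stopped by the '*' check
    "q=popup%20window",                           # benign, but 'popup ' fits the class: false positive
]

if __name__ == "__main__":
    print("class covers exactly its sources:", class_sources() == set(UNION_CLASS))
    for q in SAMPLES:
        verdict, detail = check_query_string(q)
        print(f"{verdict:8s} {q!r}: {detail}")
```

The last sample is the point for anyone deploying the snippet: the regex does not know what a SQL keyword is, it only counts characters from a fixed set, so any five-letter run drawn from that set and followed by a space in a normal parameter value is blocked in exactly the same way as an injection attempt.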

Posted on Tuesday, April 27 @ 19:10:32 CEST by Zhen-Xjell
Re: Union Tap Code (UTC) Beta 4 Release (Score: 1) by nobleclem on Tuesday, April 27 @ 20:07:56 CEST http://hackerassassins.com
I would like to say that I was hacked again using an SQL injection and using the beta 3 code. So make sure you upgrade to the newest beta 4 as I just have.

Re: Union Tap Code (UTC) Beta 4 Release (Score: 1) by chican0 on Wednesday, April 28 @ 07:22:22 CEST http://www.soychicano.com
I too applied the Beta 3 and in the past 24 hours received 2 SQL injections on my site. Although it was not like any time before. The "hacker" had to create two new admin accounts (1 GOD and 1 admin) and did not edit any of the previous messages but instead created 3 new messages and only disabled any of the previously active messages. Reverting back to original state was simple.
I hope this Beta 4 does the trick this time.

Re: Union Tap Code (UTC) Beta 4 Release (Score: 1) by dmolavi on Wednesday, April 28 @ 10:56:36 CEST http://www.nukedgallery.net
This doesn't work w/ google tap... I got 404 errors after putting this code in my mainfile.php. Removing it set everything straight again.

Re: Union Tap Code (UTC) Beta 4 Release (Score: 1) by speedx on Wednesday, April 28 @ 14:32:31 CEST
Can we use this one and ravens? Kinda like the hackattempt.php page better than just a slap. Or can you make it redirect to the hack.php page? What would have to be changed?

Re: Union Tap Code (UTC) Beta 4 Release (Score: 1) by bohrme on Wednesday, April 28 @ 20:08:11 CEST http://www.eSnider.net
//This catches plaintext and base64 version of the Union SQL Injection code.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches))
Would you explain this regular expression and how it catches both plaintext and base64?

Nukecops Security Newsletter? (Score: 1) by david_cl on Wednesday, April 28 @ 23:48:25 CEST
In case anyone, like me, couldn't find where to place this file, and didn't see the answer in the nested comments, it seems you can just put it at the top of mainfile.php.
Thanks for your work on this stuff. I wonder if you have already considered a "nuke security alert newsletter"? Or would that just be giving bullets to the kiddies?

Re: Union Tap Code (UTC) Beta 4 Release (Score: 1) by Batla (batla@no_spam_shamad.homelinux.com) on Saturday, May 01 @ 13:49:29 CEST http://shamad.homelinux.com
Hi Folks,
Since I implemented the fix, there is no way to access my full size pictures in Coppermine V1.1.
It gives a false >0: YOU ARE SLAPPED BY NUKECOPS BY USING 'popup' INSIDE 'name=coppermine&file=displayimagepopup&pid=824&fullsize=1'.
When removing the 2nd part of the fix:
if(preg_match(" etc...
it is OK..
I left the fix in for a little while for those of you who want to have a look at it: http://shamad.homelinux.com/modules.php?name=coppermine&file=displayimage&album=random&cat=14&pos=-824
Thanks - Batla