| Author |
Message |
cprompt
Regular
Joined: Jun 08, 2004
Posts: 64
|
 Posted:
Thu Aug 26, 2004 7:49 pm |
|
Sorry for the large image. Wanted to preserve the best view.
Anyone seen that before?
I imagine it is being caused by the string the hacker used. |
| |
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Thu Aug 26, 2004 8:01 pm |
|
It is the string the hacker used and yes I have seen it before and thought I had patched to protect against it showing it's ugly head again.
Can you send me a dump of the nuke_nsnst_ips table including the data so I can test to make a better patch at webmaster(at)nukescripts(dot)net please. |
_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! |
|
 
|
|
cprompt
|
| Posted:
Thu Aug 26, 2004 8:07 pm |
|
Email sent  |
| |
|
|
|
|
BobMarion
|
| Posted:
Thu Aug 26, 2004 8:24 pm |
|
Found it 
Code:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [ru"]
|
I had protected the query string display but not the user agent display. And this user agent has a " in it and threw the hole thing off. I'll make up a patch and post it once I have it done. |
| |
|
|
|
|
cprompt
|
| Posted:
Thu Aug 26, 2004 9:04 pm |
|
Thank you Bob.
As always, great responses from a great group. |
| |
|
|
|
|
BobMarion
|
| Posted:
Thu Aug 26, 2004 9:07 pm |
|
Okay here's the patch. Open admin/modules/sentinel.php in a text editor and find (around line 360):Code: $ua = $getIPs['user_agent'];
echo "<td>".info_img("<b>"._AB_USERAGENT.":</b> $ua<br /><br /><b>"._AB_QUERY.":</b> $qs", r)." <a href='http://ws.arin.net/cgi-bin/whois.pl?queryinput=$lookupip' target='$lookupip'>".$getIPs['ip_addr']."</td>\n";
|
Add this between the two line:Code: $ua = htmlentities($ua, ENT_QUOTES);
|
Should look like:Code: $ua = $getIPs['user_agent'];
$ua = htmlentities($ua, ENT_QUOTES);
echo "<td>".info_img("<b>"._AB_USERAGENT.":</b> $ua<br /><br /><b>"._AB_QUERY.":</b> $qs", r)." <a href='http://ws.arin.net/cgi-bin/whois.pl?queryinput=$lookupip' target='$lookupip'>".$getIPs['ip_addr']."</td>\n";
|
|
| |
|
|
|
|
cprompt
|
| Posted:
Thu Aug 26, 2004 9:15 pm |
|
Done...and FIXED!
Wonderful work Bob! |
| |
|
|
|
|
blith
Client
Joined: Jul 18, 2003
Posts: 977
|
| Posted:
Fri Aug 27, 2004 7:23 am |
|
What damage could that have done if it was not blocked? Thanks. |
| |
|
|
|
|
cprompt
|
| Posted:
Fri Aug 27, 2004 7:50 am |
|
| blith wrote: | | What damage could that have done if it was not blocked? Thanks. |
I don't think it would do any damage. The IP was still blocked, it was simply the display in the Admin panel that was screwy. Just a cosmetic thing I think. |
| |
|
|
|
|
BobMarion
|
| Posted:
Fri Aug 27, 2004 4:10 pm |
|
It was just a display issue on the admin page. It would not have cause any harm other then looking bad on your screen |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
