Core File edits for nukesentinel 2514 using 7.8 nuke

New Member Joined: Nov 22, 2007 Posts: 10

Hi
Im having alot of issues with the core file edits
I was wondering if anyone would give me a link to downloading
main.php
index.php
admin.php
I not sure how much of a security risk that is, i just want to get sentiel installation behind me.Ive spent at least a day trying to do it. and it keeps saying i have syntax error in my core edit files. Cool

If anyone can help me please post

Posted: Thu Nov 22, 2007 8:20 am

If downloading is a problem I would like to show what i am working with. Wich currently has errors.

Posted: Thu Nov 22, 2007 8:23 am

step 1 Main File.php line 85
===============================================

#-----[ FIND ]------------------------------------------
#
if(defined('FORUM_ADMIN')) {
define('INCLUDE_PATH', '../../../');
} elseif(defined('INSIDE_MOD')) {
define('INCLUDE_PATH', '../../');
} else {
define('INCLUDE_PATH', './');
}

@require_once(INCLUDE_PATH."config.php");
@require_once(INCLUDE_PATH."db/db.php");

#
#-----[ AFTER ADD ]------------------------------------------
#
@require_once(INCLUDE_PATH."includes/nukesentinel.php");

Posted: Thu Nov 22, 2007 8:29 am

notice where i add nuke senteniel .php. For some reason if i ad it after
require_once("../../db/db.php");
I get A blank page

also I didn't add an @ sign as well In fornt of
require_once(INCLUDE_PATH."includes/nukesentinel.php");

--------------------------------------------------------------------------------------------------------
if (defined('FORUM_ADMIN')) {
require_once(INCLUDE_PATH."includes/nukesentinel.php");
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (defined('INSIDE_MOD')) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}
-----------------------------------------------------------------------------------------------------------

Posted: Thu Nov 22, 2007 8:35 am

Step 2 Union Tap mainfile.php
===============================================

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

Posted: Thu Nov 22, 2007 8:37 am

I Completely Deleted the following from My MainFile.php
===================================================
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
header("Location: index.php");
die();
}

Posted: Thu Nov 22, 2007 8:39 am

line 490 Mainfile.php

========================================
in function function online() {
#
#-----[ FIND ]------------------------------------------
function online() {
global $user, $cookie, $prefix, $db;
$ip = $_SERVER['REMOTE_ADDR'];

#
#-----[ CHANGE TO ]------------------------------------------
#
function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}

Posted: Thu Nov 22, 2007 8:41 am

490-509 mainfile.php
==================================================
function online() {
global $nsnst_const, $user, $cookie, $prefix, $db;
if(!file_exists('includes/nukesentinel.php')) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = $nsnst_const['remote_ip'];
}
$past = time()-3600;
$db->sql_query("DELETE FROM ".$prefix."_session WHERE time < '$past'");
$result = $db->sql_query("SELECT time FROM ".$prefix."_session WHERE uname='$uname'");
$ctime = time();
if ($uname!="") {
$uname = substr("$uname", 0,25);
if ($row = $db->sql_fetchrow($result)) {
$db->sql_query("UPDATE ".$prefix."_session SET uname='$uname', time='$ctime', host_addr='$ip', guest='$guest' WHERE uname='$uname'");
} else {
$db->sql_query("INSERT INTO ".$prefix."_session (uname, time, host_addr, guest) VALUES ('$uname', '$ctime', '$ip', '$guest')");
}
}
}

Posted: Thu Nov 22, 2007 8:51 am

I completely deleted this line as well and thats all the edits i did to mainfile.php
===========================================
if (!defined('ADMIN_FILE')) {
foreach ($_GET as $sec_key => $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("$[^>]*\"?[^)]*$", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key))) {
die ("<center><img src=images/logo.gif> The html tags you attempted to use are not allowed [ <a href=\"javascript:history.go(-1)\">Go Back</a> ]");
}
}

Posted: Thu Nov 22, 2007 8:54 am

If anyone can see an error in my script please reply