NukeC & Download 3000

Hangin' Around Joined: Jul 15, 2004 Posts: 44

NukeC & Download 3000 will not work properly if you have Sentinel 2.13 installed,but it will work with previous version,any idea how to get them to work properly,i tried to disable all the protections in Sentinel but it still stopped them so i try to move it from the mainfile and then it worked,so now I have put Sentinel back online but i want to run these 2 modules

New Member Joined: Jan 27, 2005 Posts: 6

I am having the same issues. I see no fix in over a month. hmmmm. Anyone have any idea?

Posted: Thu Feb 24, 2005 4:12 pm

I haven't looked at either but its most likely something fairly simple.

Posted: Thu Feb 24, 2005 4:22 pm

Yea, I am gonna see what I can figure out but I don't know the sentinel code at all.

Posted: Thu Feb 24, 2005 5:03 pm

Start with the santy code in the includes/sentinel.php the $id variable has been causing grief in a lot of modules.

Posted: Thu Feb 24, 2005 5:38 pm

OK will do, Thanks

Posted: Thu Feb 24, 2005 6:46 pm

Well, it appears that it is the sanity area. I comment out the entire code and downloads3000 works fine. AS far as I can tell, the bad content variable is assigned words that are not part of the incoming URI. I droped it to 1 word then changed it and it still won't let downloads3000 through. The funny part is it doesn't die with the illegal content error. The text comes back from the server with the following error: "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in bla \bla\sql_layer.php line 71"

Now it does have other errors also for different things and then repeats.

Posted: Thu Feb 24, 2005 6:55 pm

Just leave it commented out and find the thread that has the Santy worm (revisited) title there are some mod rewrite protections that will do the same job and not bother your script.

Posted: Thu Feb 24, 2005 6:59 pm

OK here is what I did. I know it is kinda poor code as I am a C++ coder but this worked where the while staement doesn't and it does the same thing only longer. Please tell me if this is any way bad from both functional as well as secure.

Thanks,

D

/********************************************************/
// Stop Santy Worm
$bad_uri_content="perl,rush,chr(,pillar,visualcoder,sess_";
global $REQUEST_URI;
/* $tmp=explode(",",$bad_uri_content);
while(list($id,$uri_content)=each($tmp)) {
if (strpos($REQUEST_URI,$uri_content)) {
die("Illegal Content");
}
}*/

if (strpos($REQUEST_URI, "perl")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "rush")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "chr(")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "pillar")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "pervisualcoder")){
die("Illegal Content");
}
elseif (strpos($REQUEST_URI, "sess_")){
die("Illegal Content");
}

Posted: Wed Mar 30, 2005 4:20 pm

Thanks, that worked.

Posted: Thu Mar 31, 2005 7:13 am

Upgrade to Sentinel 2.2 and you can get rid of the sanity check altogether.