Ravens PHP Scripts: Forums
 

 

This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> phpnuke 6.5
VinDSL

Posted: Fri Jul 29, 2005 6:52 pm

You may have seen this 'fix' on NukeResources: http://www.nukefixes.com/ftopicp-6966.html#6966 . It's a nice one!
Here's how to make it work with PHP-Nuke 6.5 (basically a copy 'n' paste with some notes added and a file change...) ;)

open auth.php (not includes/auth.php)

FIND:
Code:
  $result2 = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");


CHANGE TO:
Code:
  //Query added. Used for fix in 'admin.php'&'mainfile.php'.

  //Fix by Quake
  $result2 = $db->sql_query("SELECT name, pwd FROM ".$prefix."_authors WHERE aid='$aid'");



open admin.php

FIND:
Code:
if(!isset($op)) { $op = "adminMain"; }


AFTER ADD:
Code:
//Only 'god' user can 'Edit Admins' in 'Administration Menu' now.

//Fix by Quake & Chatserv
if(isset($op) AND ($op=="mod_authors" OR $op=="modifyadmin" OR $op=="UpdateAuthor" OR $op=="AddAuthor" OR $op=="deladmin2" OR $op=="deladmin" OR $op=="assignstories" OR $op=="deladminconf") AND ($row2['name'] != "God")) {
    die("Illegal Operation");
}



open mainfile.php

FIND:
Code:
 foreach ($_POST as $secvalue) {

    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
      die ($htmltags);
    }
  }
}



AFTER ADD:
Code:
//Posting from other servers not allowed now.

//Bug found by PeNdEjO
//Fix by Quake
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (strlen($_SERVER["HTTP_REFERER"]) > 0) {
        if (!ereg("(http://$_SERVER[HTTP_HOST])", $_SERVER["HTTP_REFERER"]) && !ereg("(https://$_SERVER[HTTP_HOST])", $_SERVER["HTTP_REFERER"])) {
            die('Posting from another server not allowed!');
        }
    }
}

_________________
.:: "The further in you go, the bigger it gets!" ::.
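An added example, not part of the original post: the mainfile.php referer check from the post above, reproduced with preg_match() because ereg() was removed in PHP 7.0, next to a stricter comparison that parses the Referer and matches its host exactly. The function names and hostnames are assumptions constructed for illustration.

```php
<?php
// Added example, not part of the original post. Hostnames below are constructed.

// The posted check, reproduced with preg_match() because ereg() was removed in PHP 7.0.
// Like the original, the host is unescaped and the pattern is unanchored.
function referer_ok_posted(string $host, string $referer): bool {
    if (strlen($referer) == 0) {
        return true; // the original skips the check when no Referer is sent
    }
    return preg_match("#(http://$host)#", $referer) === 1
        || preg_match("#(https://$host)#", $referer) === 1;
}

// Stricter variant (hypothetical helper): parse the Referer and compare its
// host[:port] to HTTP_HOST exactly, case-insensitively.
function referer_ok_strict(string $host, string $referer): bool {
    if ($referer === '') {
        return true; // same policy as the post: an absent Referer is allowed
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $refHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return strcasecmp($refHost, $host) === 0;
}

$host = 'www.example.org'; // constructed value of $_SERVER['HTTP_HOST']
$cases = [
    'http://www.example.org/admin.php',                  // same site
    'https://www.example.org/modules.php?name=News',     // same site over TLS
    'http://www.example.org.other.test/form.html',       // different host, same prefix
    'http://other.test/page?ref=http://www.example.org', // host only in the query string
    'http://wwwxexample.org/',                           // "." in the pattern matches any character
    '',                                                  // no Referer header
];
foreach ($cases as $ref) {
    printf("%-55s posted=%-5s strict=%s\n",
        $ref === '' ? '(empty)' : $ref,
        var_export(referer_ok_posted($host, $ref), true),
        var_export(referer_ok_strict($host, $ref), true));
}
```

The posted pattern accepts all six constructed cases, while the strict comparison accepts only the two same-site referers and the empty one. A Referer comparison is a secondary control; a per-session form token is the usual primary defence against cross-site POSTs.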
sting

Posted: Tue Aug 02, 2005 8:20 am

Nice.... Thanks Vin

-sting
 
All times are GMT - 6 Hours
 