Author |
Message |
brainless
New Member
Joined: Mar 19, 2006
Posts: 7
|
Posted:
Sun Mar 19, 2006 1:53 pm |
|
hello together, hope you will excuse my question written in very basic english, because it isn't my native language
I'm using phpnuke 7.6 and I integrated the security patches. I'm temporarily using an installation without sentinel. my forum module is up to date (2.0.19).
everything works fine and users can write articles and news.
but one thing doesn't work:
if a line, no matter whether it is a forum topic or a news topic, contains the german word Union and it is followed by another word, phpnuke sends me to the main page when I submit the entry, without adding the posting or topic.
perhaps these small examples will make it easier to follow me (written german text):
ok
Quote: |
Union hat verloren. |
ok
Quote: |
Die Mannschaft von Union hat verloren. |
not ok
short: if there is a word before and behind the word Union it doesn't work, because I'm only redirected to the main page of the phpnuke.
I tried to find some useful hints on a german community (warp-speed) and I found someone who tested it with his installation - he got the same "bug".
hope someone will be able to fix this or is able to give me some hints where to find the problem.
thank you for reading |
|
|
|
spacy
Hangin' Around
Joined: Oct 25, 2005
Posts: 46
Location: Hamburg/Germany
|
Posted:
Sun Mar 19, 2006 1:58 pm |
|
I am the tester with the same problem. I use RavenNuke76 with an activated Sentinel. |
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Sun Mar 19, 2006 4:33 pm |
|
Yes the security patches block that. You have to disable the code in mainfile.php
Raven, something we want to do for RavenNuke? Sentinel should have the proper filters |
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Sun Mar 19, 2006 4:37 pm |
|
We have an Issue logged for this and Raven has it assigned to him, but it could be a major undertaking. For now, this is known behaviour that is now fairly well documented in these forums. |
|
|
spacy
|
Posted:
Sun Mar 19, 2006 4:39 pm |
|
evaders99 wrote: | Yes the security patches block that. You have to disable the code in mainfile.php
|
Can you explain what brainless has to do? |
|
|
|
brainless
|
Posted:
Mon Mar 20, 2006 12:48 am |
|
@evaders99 - any information about this code?
I have to remove it as fast as possible, because the page is for our soccer league and one of the top teams has Union in its team name.
I'm not able to post any reports of the game or any tables.
thank you |
|
|
|
brainless
|
Posted:
Mon Mar 20, 2006 5:19 am |
|
ok - one more thing I found out - the problem seems to be the union security patch.
according to these entries in the mainfile.php
Code:
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if(isset($_SERVER['QUERY_STRING'])) {
    if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
        die('Illegal Operation');
    }
}
// This block of code makes sure $admin and $user are COOKIES
if((isset($admin) && $admin != $_COOKIE['admin']) OR (isset($user) && $user != $_COOKIE['user'])) {
    die("Illegal Operation");
}
// We want to use the function stripos,
// but thats only available since PHP5.
// So we cloned the function...
if(!function_exists('stripos')) {
    function stripos_clone($haystack, $needle, $offset=0) {
        return strpos(strtoupper($haystack), strtoupper($needle), $offset);
    }
} else {
    // But when this is PHP5, we use the original function
    function stripos_clone($haystack, $needle, $offset=0) {
        return stripos($haystack, $needle, $offset=0);
    }
}
// Additional security (Union, CLike, XSS)
if(!file_exists('includes/nukesentinel.php')) {
    if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
        $queryString = $_SERVER['QUERY_STRING'];
        if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
            die('Illegal Operation');
        }
    }
}
if(isset($admin) && $admin == $_COOKIE['admin'])
{
    $admin = base64_decode($admin);
    $admin = addslashes($admin);
    $admin = base64_encode($admin);
}
if(isset($user) && $user == $_COOKIE['user'])
{
    $user = base64_decode($user);
    $user = addslashes($user);
    $user = base64_encode($user);
}
|
it seems to be ok that the posting is filtered.
but in this case the word union is needed for the content of the page.
so my question to you is how to modify this code in order to use this term? |
|
|
|
montego
|
Posted:
Mon Mar 20, 2006 5:49 am |
|
I believe Evaders may have been referring to commenting out NukeSentinel in mainfile.php... but don't quote me on that. |
|
|
|
brainless
|
Posted:
Mon Mar 20, 2006 7:16 am |
|
but I don't use sentinel ... the code above was integrated by the main security patches (chatserv patch version 3.1 ?!). don't think it exists in the main phpnuke 7.6. but it seems as if it has to be there because of the union exploit. |
|
|
|
montego
|
Posted:
Mon Mar 20, 2006 8:12 am |
|
Oh, sorry about that. I have read elsewhere on these boards that some of those security checks are not the best. Unfortunately, though, I don't know of an alternative other than NukeSentinel. |
|
|
|
brainless
|
Posted:
Mon Mar 20, 2006 8:47 am |
|
I can't follow you ... I think the patch 3.1 (actual one would be the 3.2) is an official update (found it at www.nukeresources.com) |
|
|
|
evaders99
|
Posted:
Mon Mar 20, 2006 12:41 pm |
|
Delete this part
Code:
stripos_clone($queryString,'%20union%20')
|
|
|
|
|
brainless
|
Posted:
Mon Mar 20, 2006 1:22 pm |
|
I deleted
stripos_clone($queryString,'%20union%20')
in the line and uploaded the file again. nothing changed. script works, but if there is a word before and after union I'm redirected to startpage. |
|
|
|
evaders99
|
Posted:
Mon Mar 20, 2006 6:09 pm |
|
Try also..
Code:
stripos_clone($queryString,'*/union/*')
stripos_clone($queryString,'+union+')
|
|
|
|
|
|
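Why only the second sentence is rejected, as an added example that is not part of any post and not PHP-Nuke or patch code: the union patterns from the mainfile.php excerpt above are run over the two German sentences from the first post. It assumes (the thread does not confirm this) that the text reaches the filter URL-encoded; `matched_rules`, the `text` parameter and the SQLite table are hypothetical, and the last part shows parameter binding as the alternative to keyword matching.

```php
<?php
// Added example: not PHP-Nuke or patch code. The patterns are copied from the
// mainfile.php excerpt in this thread; requests and table are constructed.

// Return the names of the rules from the excerpt that match a query string.
function matched_rules(string $queryString): array {
    $hits = [];
    // "Union Tap": five characters from the class, then a space, after rawurldecode()
    if (preg_match('/([OdWo5NIbpuU4V2iJT0n]{5}) /', rawurldecode($queryString))) {
        $hits[] = 'union-tap regex';
    }
    // The three union substrings named in the replies, compared case-insensitively
    foreach (['%20union%20', '*/union/*', '+union+'] as $needle) {
        if (stripos($queryString, $needle) !== false) {
            $hits[] = "substring $needle";
        }
    }
    return $hits;
}

// Constructed input: the two sentences quoted in the first post
$samples = ['Union hat verloren.', 'Die Mannschaft von Union hat verloren.'];

foreach ($samples as $text) {
    $encodings = [
        'form (+)'  => 'text=' . urlencode($text),     // spaces become +
        'raw (%20)' => 'text=' . rawurlencode($text),  // spaces become %20
    ];
    foreach ($encodings as $label => $queryString) {
        $hits = matched_rules($queryString);
        printf("%-9s %-40s %s\n", $label, $text, $hits ? 'BLOCKED by ' . implode(', ', $hits) : 'passes');
    }
}

// Alternative to keyword matching: bind the text as a statement parameter, so
// it is stored as data whatever words it contains (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
$insert = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
foreach ($samples as $text) {
    $insert->execute([':body' => $text]);
}
foreach ($db->query('SELECT id, body FROM posts ORDER BY id') as $row) {
    printf("stored #%d: %s\n", $row['id'], $row['body']);
}
```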