Trying to install Xfire Module, but banning myself!!

New Member Joined: Dec 08, 2005 Posts: 24 Location: Sweden

Hi there,
I'm trying to install an Xfire module for my clan site so my members can put there Xfire names on it. When I run the install script:
http://yoursite.com/install-xfire.php I get the "Install Xfire Module" and when I click it I get the "Black Screen of Death" saying i'm blocked and "You have attempted to bypass the Filter System on this site"!!! (Luckily being admin it dosen't block me) Is there anyway I can get this to work?

Involved Joined: Dec 27, 2005 Posts: 296

I sometimes have that happen when I click on a new link submissions from my admin in Nuke. I noticed it has to do with the way the URL is being read; its does this double URL thing (i.e. mysite.com/nuke/sitei'mtryingtovisit.com) and sets off the filter warning.
Try clicking 'properties' on the "Install Xfire Module" and paste the URL from properties into your URL bar. That works for me, I don't know if it is what your problem is, but is worth a try.

Posted: Sat Aug 26, 2006 12:54 am

This might be an issue with the use of double http.
Some modules not following the current 'security' way of thinking.
When you click the installer do you see http:// your site.com... http:// somethingelse.com

Posted: Sat Aug 26, 2006 1:35 am

Hi there and thanks for replying.

I've looked at the properties srhh and theres nothing there, just says install-xfire.php.

Guardian, no its single mate. When I click on install xfire mod and I get the black screen of death its: h**p://my-site.com/install-xfire.php?cmd=install

Posted: Sat Aug 26, 2006 1:44 am

Ah thats why. It the cmd - its a banned string as it is commonly used in cross site scripting (XSS) attacks.

You would need to temporarily comment out the include/nukesentinel.php in mainfile.php to run that installer but it would be worth checking the script files to see if they are using that syntax anywhere else.
If they are, the script is not going to work anyway whilst Sentinel is installed.

Posted: Sat Aug 26, 2006 2:16 am

Thanks Guardian for the prompt reply.

I think i'll leave it off my site, The security of my clan site is more important mate! Besides, there are other ways my members could put up their Xfire names, like in the forum.

Thanks once again for you're help

ANT

Posted: Sat Aug 26, 2006 2:17 am

No problem.

registered · Posted: Mon Aug 28, 2006 11:09 am

Actually the script itself is not a security concern. Just change all references in that file from "cmd" to "cmd2" (or whatever you perfer). Just remember to delete the script afterword

Posted: Mon Aug 28, 2006 12:00 pm

Actualy, yes that would work as Sentinel looks for the sequence c m d = so changing all references as Evaders suggested to cmd2= should get you working.

I checled a couple of the regular sites I visit and couldn't find any vulnerabilities listed for that script which have not been addressed.

Posted: Mon Aug 28, 2006 11:45 pm

Thanks guys its worked!!

I changed the references as you said evaders to cmd2 and it installed no problem, then deleted the file.

Thanks also Guardian for checking for any vulnerabilities with this script, this should keep my "brood" happy!!