Union Tap - Beta 2 - Stop UNION Injections
In an earlier press release, I had issued a first Beta fix to fight back Union SQL Injections in Plain Text and Base64 encoding. As mentioned for the initial Beta, false positives were expected. Thanks to you folks, Beta 2 is now available for testing. It eliminates many of those false positives. For those daring to test it, I await your replies.

To install it, open mainfile.php and, after the first line (<?php), install the following code, or replace the initial Beta with this version of Beta 2 (now coined 'Union Tap'):

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 2 Code to prevent UNION SQL Injections delivered in Plaintext or Base64.
$loc = $_SERVER["QUERY_STRING"];
if (preg_match("/([dW5pb24VUJT0uniNIO]{5})/", rawurldecode($loc), $matches)) {
    // Escape the query string before echoing it, so the block message cannot reflect markup.
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$matches[1]' INSIDE '" . htmlspecialchars($loc) . "'.");
}
Posted on Saturday, April 24 @ 09:24:24 CEST by Zhen-Xjell
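
Why Beta 2 still fires on ordinary links, as an added example (not Zhen-Xjell's code): the pattern is a character class, so any five consecutive characters drawn from that set match, which is what the session ID and check_num values in the reader reports on this page contain. The function names, the word-based alternative union_token_hit and the last two query strings are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the Union Tap author's code; function names are hypothetical.

// The Beta 2 test as posted: returns the five matched characters, or null.
function beta2_hit($qs) {
    $pattern = "/([dW5pb24VUJT0uniNIO]{5})/";   // character class, not a word
    return preg_match($pattern, rawurldecode($qs), $m) ? $m[1] : null;
}

// Assumed alternative: look for the word itself, both in the decoded query
// string and in any parameter value that is valid Base64.
function union_token_hit($qs) {
    $candidates = array(rawurldecode($qs));
    parse_str($qs, $params);                    // values arrive URL-decoded
    foreach ($params as $value) {
        if (!is_string($value)) {
            continue;                           // skip array-style parameters
        }
        $raw = base64_decode($value, true);     // strict: false on non-Base64 input
        if ($raw !== false && $raw !== '') {
            $candidates[] = $raw;
        }
    }
    foreach ($candidates as $text) {
        if (preg_match('/\bunion\b/i', $text)) {
            return true;
        }
    }
    return false;
}

$samples = array(
    // Query strings quoted in reader reports on this page
    'pane=left&sid=c1d97e5ac422d72c2fe8241e60ad45b5',
    'name=Your_Account&op=activate&username=USERNAME&check_num=160c58a5b5524c8346a74911a57defa9',
    // Constructed for this example: the keyword in plain text and in Base64
    'name=News&sid=1%20UNION%20SELECT%201',
    'name=News&sid=' . rawurlencode(base64_encode('1 UNION SELECT 1')),
);

foreach ($samples as $qs) {
    $hit = beta2_hit($qs);
    printf("beta2=%-7s token=%-4s %s\n",
        $hit === null ? 'pass' : $hit,
        union_token_hit($qs) ? 'hit' : 'pass',
        $qs);
}
```

A word match still blocks a legitimate request that contains the word "union", so it narrows the false positives rather than removing them.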
 
Union Tap Beta 2 and raven's hackattempt (Score: 1)
by akis on Saturday, April 24 @ 10:15:23 CEST
Hi,

ZX's union tap beta 1 code could be included in raven's hackalert code.

Can ZX's union tap beta 2 code be included in raven's hackalert code?


Thanks



Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1)
by DivideByZero on Saturday, April 24 @ 11:08:28 CEST
http://www.ForwardObserver.us
A user trying to activate his account on my site says that he got the alert after I installed the new code. This is the modified URL: http://www.website.com/modules.php?name=Your_Account&op=activate&username=USERNAME&check_num=160c58a5b5524c8346a74911a57defa9



Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1)
by foxyfemfem on Saturday, April 24 @ 12:06:01 CEST
Hello ZX,

The first beta 1 code would not allow me to access my forum admin, and this one, beta 2, will not allow me to access my forum admin.

This is the message that I receive whenever I try to access the forum admin section....

(left frame) YOU ARE SLAPPED BY NUKECOPS BY USING 'd45b5' INSIDE 'pane=left&sid=c1d97e5ac422d72c2fe8241e60ad45b5'

(right frame) YOU ARE SLAPPED BY NUKECOPS BY USING 'd45b5' INSIDE 'pane=right&sid=c1d97e5ac422d72c2fe8241e60ad45b5'.

I think the beta 1 & 2 are rejecting the SID that is inside the modules/Forums/admin/index.php file



Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1)
by Brujo on Sunday, April 25 @ 11:03:04 CEST
Cool... 3 lines of credits for beta code; what do we have to expect when it's no longer beta?

Have you not gotten enough credits lately? Maybe it's because nukecops showed its true face in the last weeks, when it was not reachable for the community...





Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1)
by wgwara on Sunday, April 25 @ 15:36:04 CEST
A new user sometimes can't activate his account when this Beta 2 check is active. The URL which is being stopped is http://my_site/modules.php?name=Your_Account&op=activate&username=wiciu&check_num=4272e86ca1344ec053496584e722420c



Re: Union Tap - Beta 2 - Stop UNION Injections (Score: 1)
by robertr994 on Sunday, April 25 @ 18:18:43 CEST
The hack seems to work, but I keep getting slapped when I try to view the forum on my site. Will try beta 3 when it comes out.


Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)