NukeCops  
Union Tap Code (UTC) Beta 4 Release
Bug Fixes

Continuing from our previous articles, this news release takes us to Beta 4 for Union Tap Code (UTC). Beta 4 handles a report by the Imperva Application Defense Center describing the use of C-like comment code to mask any kind of SQL injection delivered via the URL, not just UNION: hence the name upgrade from UT to UTC. And here it is...

//Union Tap Code (UTC)
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 4 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
//rawurldecode() decodes %XX escapes but, unlike urldecode(), leaves '+' alone.
$loc = rawurldecode($_SERVER["QUERY_STRING"]);
//This if block catches C-like comment code within all SQL Injections, not just Union.
//White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
if (strstr($loc, "*")) {
    //Escape the attacker-supplied string before echoing it back into the HTML response.
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '" . htmlspecialchars($loc) . "'.");
}
//This catches plaintext and base64 version of the Union SQL Injection code.
//The character class is the set of letters in "union"/"UNION" plus those in their
//base64 encodings "dW5pb24="/"VU5JT04="; any five of them followed by a space is blocked.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '" . htmlspecialchars($matches[1]) . "' INSIDE '" . htmlspecialchars($loc) . "'.");
}
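As an added example (not the page's or the author's code), the same two rules re-implemented in Python so they can be run against constructed query strings; it also rebuilds the regex's character class from the base64 encodings of "union" and "UNION", which is my reading of why those 19 characters were chosen, not something the article states. Function names and the sample query strings are mine.

```python
import base64
import re
from urllib.parse import unquote

# Character class copied verbatim from the Beta 4 regex on this page.
UTC_CLASS = "OdWo5NIbpuU4V2iJT0n"
UTC_RE = re.compile("([" + UTC_CLASS + "]{5}) ")


def expected_class_chars() -> set:
    """Letters of 'union'/'UNION' plus those of their base64 encodings
    (padding dropped). Reconstructed here to explain the class; the page
    itself does not spell out how it was built."""
    chars = set()
    for word in ("union", "UNION"):
        chars.update(word)
        chars.update(base64.b64encode(word.encode()).decode().rstrip("="))
    return chars


def utc_check(query_string: str):
    """Python equivalent of the two PHP checks. Returns None when the
    request passes, otherwise (rule, matched_text)."""
    # unquote() mirrors rawurldecode(): %XX is decoded, '+' stays a '+'.
    loc = unquote(query_string)
    # Rule 1: any '*' (C-like comment markers such as /* ... */).
    if "*" in loc:
        return ("star", "*")
    # Rule 2: five class characters followed by a space.
    m = UTC_RE.search(loc)
    if m:
        return ("union5", m.group(1))
    return None


# Constructed query strings: a normal request, a commented one, a plain
# UNION, and a benign string that the 5-character rule also trips on.
SAMPLES = {
    "name=Forums&file=viewtopic&t=12": None,
    "name=News&file=article&sid=1/**/": ("star", "*"),
    "sid=1%20UNION%20SELECT": ("union5", "UNION"),
    "title=popup%20window": ("union5", "popup"),  # false positive
}


def run_samples() -> bool:
    """True when every constructed sample yields the expected verdict."""
    return all(utc_check(q) == want for q, want in SAMPLES.items())
```

The last sample shows the cost of the second rule: any five class characters followed by a space match, so an ordinary word such as "popup" is blocked, which is the kind of false positive the Coppermine user reports in the comments.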
Posted on Tuesday, April 27 @ 19:10:32 CEST by Zhen-Xjell
 
Re: Union Tap Code (UTC) Beta 4 Release (Score: 1)
by nobleclem (http://hackerassassins.com) on Tuesday, April 27 @ 20:07:56 CEST
I would like to say that I was hacked again using an SQL injection and using the beta 3 code. So make sure you upgrade to the newest beta 4 as I just have.



Re: Union Tap Code (UTC) Beta 4 Release (Score: 1)
by chican0 (http://www.soychicano.com) on Wednesday, April 28 @ 07:22:22 CEST
I too applied the Beta 3 and in the past 24 hours received 2 SQL injections on my site. Although it was not like any time before. The "hacker" had to create two new admin accounts (1 GOD and 1 admin) and did not edit any of the previous messages but instead created 3 new messages and only disabled any of the previously active messages. Reverting back to original state was simple.

I hope this Beta 4 does the trick this time.



Re: Union Tap Code (UTC) Beta 4 Release (Score: 1)
by dmolavi (http://www.nukedgallery.net) on Wednesday, April 28 @ 10:56:36 CEST
This doesn't work w/ Google Tap... I got 404 errors after putting this code in my mainfile.php. Removing it set everything straight again.



Re: Union Tap Code (UTC) Beta 4 Release (Score: 1)
by speedx on Wednesday, April 28 @ 14:32:31 CEST
Can we use this one and ravens? Kinda like the hackattempt.php page better than just a slap. Or can you make it redirect to the hack.php page? what would have to be changed?



Re: Union Tap Code (UTC) Beta 4 Release (Score: 1)
by bohrme (http://www.eSnider.net) on Wednesday, April 28 @ 20:08:11 CEST
//This catches plaintext and base64 version of the Union SQL Injection code.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches))
Would you explain this regular expression and how it catches both plaintext and base64?



Nukecops Security Newsletter? (Score: 1)
by david_cl on Wednesday, April 28 @ 23:48:25 CEST
In case anyone, like me, couldn't find where to place this file, and didn't see the answer in the nested comments, it seems you can just put it at the top of mainfile.php.

Thanks for your work on this stuff, I wonder if you have already considered a "nuke security alert newsletter"? or would that just be giving bullets to the kiddies?



Re: Union Tap Code (UTC) Beta 4 Release (Score: 1)
by Batla (batla@no_spam_shamad.homelinux.com, http://shamad.homelinux.com) on Saturday, May 01 @ 13:49:29 CEST
Hi Folks,
Since I implemented the fix, there is no way to access my full size pictures in Coppermine V1.1.

It gives a false >0: YOU ARE SLAPPED BY NUKECOPS BY USING 'popup' INSIDE 'name=coppermine&file=displayimagepopup&pid=824&fullsize=1'.

When removing the 2nd part of the fix:
if(preg_match(" etc...
it is OK..

I am leaving the fix in for a little while for those of you who want to have a look at it: http://shamad.homelinux.com/modules.php?name=coppermine&file=displayimage&album=random&cat=14&pos=-824

Thanks - Batla

