You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 143 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Tabs and CRLF check in regex [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Tabs and CRLF check in regex
 
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Fortress™
View previous topic Log in to check your private messages View next topic
Author Message
madman
Support Mod
Support Mod


Joined: Feb 15, 2004
Posts: 806
PostPosted: Sat May 29, 2004 3:33 am Reply with quoteBack to top
ZX, this post originally a reply in Sentinel forum.

Quote:
Fortress not only filters on SPACES, but it also filters on HORIZONTAL TABS and CRLFs


ZX, if I may suggest to your upcoming UTC/Fortress code, there more than tabs and crlf can be used to replace whitespaces.
Some prove of concepts:

union%09select...
union%0aselect...
union%0dselect...
union%0a%0dselect... (notice it isn't crlf but lfcr)
union%7fselect... (non-braking space)

There's another control characters can also be used. To prevent this, you may consider to use \W in regex pattern.

Quote:
Admin Secure I've heard nothing but great things about. Unfortunately it doesn't seem to carry a big enough marketing scheme. Which is why I'm hoping the forum and more news on it will help it grow. (Correct me if I'm wrong madman)


Admin Secure as far as I know isn't much as popular as Fortress, Protector System, Admin Tap, NukeHackerTraps, Chatserv's patches, and others. I'm not so sure how many nuke admins using this addon. From site's log, most Admin Secure downloads are coming from Germany and Brazil.
Find all posts by madmanView user's profileSend private messageVisit poster's websiteYahoo MessengerMSN Messenger
Zhen-Xjell
Nuke Cops Founder
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
PostPosted: Sat May 29, 2004 5:18 am Reply with quoteBack to top
Thanks madman, Fortress already takes into consideration any combination of crlf, and horizontal tabs, and spaces but not yet non-braking space. My question about that is its usefulness in a sql query?

As for the products of this class, I believe they are only my fortress, bob's sentinel, your admin secure, and mister's protector.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Find all posts by Zhen-XjellView user's profileSend private messageSend e-mailVisit poster's website
madman
Support Mod
Support Mod


Joined: Feb 15, 2004
Posts: 806
PostPosted: Sat May 29, 2004 9:34 am Reply with quoteBack to top
Zhen-Xjell wrote:
Thanks madman, Fortress already takes into consideration any combination of crlf, and horizontal tabs, and spaces but not yet non-braking space. My question about that is its usefulness in a sql query?


I do tests with some "abnormal" characters either thru GET or POST methods, and surprisely mySQL seem treating non-breaking space (char 0x7F) as normal space. I also do some tests with common control characters (0x00 thru 0x31) and some of them can be passed successfully into SQL queries. I have testing this in mySQL only. We need some feedbacks from users with non-mySQL DBs.

Zhen-Xjell wrote:
As for the products of this class, I believe they are only my fortress, bob's sentinel, your admin secure, and mister's protector.


NSN Secure Admin might also in this category because it strengthening admin and user account's areas. Nuke HackerTraps especially to block SQL Injection attempts.
Find all posts by madmanView user's profileSend private messageVisit poster's websiteYahoo MessengerMSN Messenger
Zhen-Xjell
Nuke Cops Founder
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
PostPosted: Sat May 29, 2004 10:13 am Reply with quoteBack to top
I'll run some tests then with that control character and see what turns up.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Find all posts by Zhen-XjellView user's profileSend private messageSend e-mailVisit poster's website
Display posts from previous:      
This forum is locked: you cannot post, reply to, or edit topics.  This topic is locked: you cannot edit posts or make replies.printer-friendly view Nuke Cops Forum Index » Fortress™
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.583 Seconds - 82 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::