[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <008501c38b7c$67059310$050010ac@rootserver>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Do not use the fix in lib-common.php . use in lib-security.php at /system/ dir
If you use the fix in your lib-common.php you will damage your geeklog
installation.
Use instead in lib-security.php ;-) at the [your geeklog core files , not
html]/system
Include the fix after <?php tag.
----- THE FIX ----
foreach ($HTTP_GET_VARS as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*span*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*h1*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*table*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*pre*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*em*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*input*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*td*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*option*\"?[^>]*>", $secvalue)) ||
(eregi(";", $secvalue)) ||
(eregi("'", $secvalue)) ||
(eregi("?", $secvalue)) ||
(eregi("`", $secvalue)) ||
(eregi("+", $secvalue)) ||
(eregi("\"", $secvalue))) {
die (";-) whereis lammer lammer: you");
}
}
----- <<EOF -----
The advantage of this method is that all files of geeklog are using
lib-common.php and the lib-common.php script includes the code of
lib-security.php , al the things can be controlled by one script , thi is
more easy than edit all the independant files of the html dir and include
the fix.
Enjoy !
Regards,
------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
--- Security Consultant ---
------------------NSRGroup-------------------
PGP: Keyfingerprint
D185 3555 8ECD 3921 6B21 ACC6 CEBB 2826 4B4C 283E
ID: 0x4B4C283E
Size: 4096
**********************************
NSRGroup
( No Secure Root Group Security Research Team ) /
( NovaPPC Security Research Group )
http://www.nsrg-security.com
______________________
Powered by blists - more mailing lists