Waraxe IT Security Portal

Spacebom · Regular user

Hi guys:

Almost all of PHP-Nuke atacks try to get nuke_authors information, and i think that writte this code in mainfile.php is nice:

waraxe · Site admin

This can be evaded by "/**/union/**/" and "/**/nuke_authors/**/"
And sql injection can be done through POST or COOKIE array, so this security trap only helps against the simplest of attacks.

icenix · Advanced user

waraxe could do answer it better than me but i would say
that it would still be possible to use something like

Spacebom · Regular user

hmmm, yeah, you have reason, thank u very much-

b0ilz · Regular user

/**/UN/**/ION will only work with some databases to evade this. mySQL treats /**/ as a field seporator. So this will not work.

as for the check. it is flawed as waraxe stated. Also, checking for such things is ok. but what if the query_string is manipulated? like how php will do url decoding on the query string when it assigns $_request ($_GET, $_POST, $_COOKIES) or when doing register_globals assignments. Also other string manipulation later might change something in the query_string.

checking for union and nuke_authors is a bad idea. it will deny many false positives if you check for it in POST data, and it will not do any good if you dont check in POST data.

Forget CMS, do html yourself Smile

just a suggestion.