Topic: Abywns security patch
offline dave666
Last Visit: 08/20/05

Level 2
100
Joined: 02/16/03
Forum Posts: 43
 Abywns security patch
 Posted on: 09/14/04 at 08:52:26

I recently installed Abywn's security patch for both hacked and non-hacked Web-APP versions, which redirects a hack attempt to www.cybercrime.gov.... Since installing this hack I have found a problem with the advertisement banners: each time I click on a banner to follow the link it also takes me to the cybercrime website. At first I assumed it was the patch, which I then removed. After removing the patch the banners take you to the desired site. The URL attached to the banner seems to be the same whether the patch is installed or not.

This is an example of a URL link attached to a banner
http://www.twilightreflections.com...

Has anyone else had this problem or know how I can solve it?




GothManDave
Legend in my own mind!
offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:02:44

I have it on a site that doesn't have the banners turned on and had forgotten to put it on the other sites.

So I just put it on, and it doesn't take me to cybercrime, but it causes a server error. I take it back off, and my banners work fine.
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:17:05

Also, menu manager had a similar conflict with it.

The other patches should work fine without this patch. Besides, Abywn was mentioning something about making a better patch for get cgi.







"Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."
(Damian Conway from the book Perl Best Practices).



[*]LANGUAGE FILES (and language support) -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP SECURITY PATCHES -> http://www.mlapp.org... external link
[*]FOR THE LATEST WEB-APP MODS (addons) -> http://www.web-app.net... external link  /perl/webapp/modapp/
[*]FOR THE LATEST VERSION OF STATSLOG script (security addon) -> http://www.mlapp.org... external link
[*]TO CONTACT ME CLICK HERE-> info@mlapp.org OR VISIT-> http://www.mlapp.org... external link
 


offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:23:29

Yes it works okay with banners turned off.

I turned on banners on More WebAPP so you can see.

http://www.open-id.com...

It just gives a server error there, too. I have all the banner fixes applied, though, so that's probably why.
offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:44:28

It works okay like this:

########## hacker protection by abwyn #########
# from http://cornerstone.web-app.net ...
# add to index.cgi under logvisitors(); # on

# Walk every request parameter in %info and look for a traversal
# sequence; on a match, strip the offending characters and redirect.
foreach $tmpkey_inf (sort keys(%info)) {
     $tmpval = $info{$tmpkey_inf};
     $tmpval =~ s/\n/&&/ig;
#      if ($tmpval =~ /(\/\.\.\\)/ ) {
#            $info{$tmpkey_inf}=~s/[\/\.\.\\]//sg;
     # matches only the literal sequence "..\" ("../" is not caught);
     # the character class below then strips every "." and "\" from the value
     if ($tmpval =~ /(\.\.\\)/ ) {
           $info{$tmpkey_inf}=~s/[\.\.\\]//sg;

###############################################
# here you put all the devices
# you want to use when a hack attempt is made, like:

#       $hack_attack = 1;
#       print "Location: http://www.cybercrime.gov...\n\n"; exit; # to SCARE THEM !!!
#
# or simply
# exit;

           # the Location header must be terminated by a blank line ("\n\n")
           print "Location: $pageurl/$cgi?action=anonemail&sendto=WebmasterEmail\n\n";
           exit;

###############################################

     }
}

###### end hacker protection by abwyn #########

offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:52:07

Or it will work like this, too. But I don't know if hackers can do anything with the bannerredirect url.

########## hacker protection by abwyn #########
# from http://cornerstone.web-app.net ...
# add to index.cgi under logvisitors(); # on

# Walk every request parameter in %info; the whole check is skipped
# when the requested action is the banner redirect.
foreach $tmpkey_inf (sort keys(%info)) {
     $tmpval = $info{$tmpkey_inf};
     $tmpval =~ s/\n/&&/ig;
#      if ($tmpval =~ /(\/\.\.\\)/ ) {
#            $info{$tmpkey_inf}=~s/[\/\.\.\\]//sg;
#      if ($tmpval =~ /(\.\.\\)/ ) {
#            $info{$tmpkey_inf}=~s/[\.\.\\]//sg;
     # matches only the literal sequence "/..\"; the character class
     # below then strips every "/", "." and "\" from the value
     if (($action ne "bannerredirect") && ($tmpval =~ /(\/\.\.\\)/ )) {
           $info{$tmpkey_inf}=~s/[\/\.\.\\]//sg;

###############################################
# here you put all the devices
# you want to use when a hack attempt is made, like:

#       $hack_attack = 1;
#       print "Location: http://www.cybercrime.gov...\n\n"; exit; # to SCARE THEM !!!
#
# or simply
# exit;

           # the Location header must be terminated by a blank line ("\n\n")
           print "Location: $pageurl/$cgi?action=anonemail&sendto=WebmasterEmail\n\n";
           exit;

###############################################

     }
}

###### end hacker protection by abwyn #########
offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:53:11

That last one will only do the directory traversal check if the action is not the banner redirect.
offline On
Last Visit: 05/20/06

Level 7
Dev
Joined: 06/19/03
Forum Posts: 6737
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:56:08


           print "Location: $pageurl/$cgi?action=anonemail&sendto=WebmasterEmail";

I didn't understand that one; what is it supposed to do?




offline DenDen33
Last Visit: 02/05/05

Level 7
Joined: 05/26/02
Forum Posts: 2244
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:58:22

though, this code makes absolutely no sense, I'm going to try it :)



What do you mean it's NOT butter?
offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 09:58:49

It redirects innocent people who type a weird URL to send me an anonymous webmaster email so I can explain to them why they had the problem. Or in case anything goes wrong with these security features, at least they can get there to email me. Otherwise they couldn't access the site.
offline DenDen33
Last Visit: 02/05/05

Level 7
Joined: 05/26/02
Forum Posts: 2244
 Re: Abywns security patch
 Posted on: 09/14/04 at 10:02:11

Welp, it seems to work, go figure :)  Great idea! :)  (The redirect to the gov site :) )



offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 10:03:34



though, this code makes absolutely no sense, I'm going to try it :)


if (($action ne "bannerredirect") && ($tmpval =~ /(\/\.\.\\)/ )) {
          $info{$tmpkey_inf}=~s/[\/\.\.\\]//sg;

It says if the action being taken is not a banner link, and if the URL contains a forward slash or a series of backslashes and/or dots in the query string (after the first question mark), then remove the strange characters and take the action as chosen by the user below that. Now do I have you fully confused? :)
offline bantychick
Last Visit:

Guest
 Re: Abywns security patch
 Posted on: 09/14/04 at 10:04:51

I still don't even know if mine works, LOL.
offline DenDen33
Last Visit: 02/05/05

Level 7
Joined: 05/26/02
Forum Posts: 2244
 Re: Abywns security patch
 Posted on: 09/14/04 at 10:09:20

I wasn't talking about the banner version. LOL  You posted that as I was typing my original comment. LOL  Now that I see it in a code editor with highlights, it makes sense :)


though, this code makes absolutely no sense, I'm going to try it :)

if (($action ne "bannerredirect") && ($tmpval =~ /(\/\.\.\\)/ )) {
          $info{$tmpkey_inf}=~s/[\/\.\.\\]//sg;

It says if the action being taken is not a banner link, and if the URL contains a forward slash or a series of backslashes and/or dots in the query string (after the first question mark), then remove the strange characters and take the action as chosen by the user below that. Now do I have you fully confused? :)





offline dave666
Last Visit: 08/20/05

Level 2
100
Joined: 02/16/03
Forum Posts: 43
 Re: Abywns security patch
 Posted on: 09/14/04 at 16:07:19

Thanks for the replies!
I’m going to try your new code and see what happens, I’m also going to try the other patches.




offline abywn
Last Visit: 03/27/08

Administrator
Dev
Joined: 06/02/06
Forum Posts: 2781
 Re: Abywns security patch
 Posted on: 09/17/04 at 04:09:55

Hi people,

my hack forbids ALLLLLLL URLs to deliver any path information.
For this reason it will not work with the old banner routine... (and it should not either ;-))

If you adapt it to work with bannerurls you will let the hackers back in :-)

there has been a banner patch a while ago (maybe ae's?) that is using
form-input instead of URL-input.

That should be used and fixed!!!!!

If you allow all those //..\\ and stuff
with the action=bannerredirect you open the door for directory traversals again...

just combine
action=bannerredirect with an id=some..path..traversal

banners have to be adapted to NOT use paths in URL...

Does anybody remember who did the banner-update?
"ae" are you there ?

In some versions, blocks and ecards also have to be adapted to use FORMS instead of URLs...

If we want to be safe,
NOTHING pathlike should ever be delivered by the URL.
Let's use forms (and check the referer) and nothing can happen again...

cool
abywn




I will be gone and completely offline every week from Fri - Wednesday!
I'll try to read and post at least on Thursdays
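Following bantychick's exempted version and abywn's warning above, here is an added example (not abywn's patch, nor Web-APP code) in Perl: a stand-alone script that runs the exempted check beside one that rejects path-like input in every parameter for every action. The url_decode, weak_check and strict_check functions and the sample requests are constructed for this illustration.

```perl
#!/usr/bin/perl
# Added example, not abywn's patch or Web-APP code.
use strict;
use warnings;

# Undo URL encoding so an encoded traversal is judged the same as a
# plain one (Web-APP's %info is assumed to hold already-decoded values).
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
    return $s;
}

# Mirrors the posted logic: skip the whole check when the action is the
# banner redirect, otherwise flag only the literal sequence "/..\"
# (the posted pattern /(\/\.\.\\)/).
sub weak_check {
    my ($action, $info) = @_;
    return 0 if $action eq 'bannerredirect';
    for my $key (sort keys %$info) {
        return 1 if $info->{$key} =~ m{/\.\.\\};
    }
    return 0;
}

# Stricter rule: a parameter that looks like a path (".." beside a
# separator, a leading separator, or a NUL byte) is rejected whatever
# the action; ids and form fields never need such characters.
sub strict_check {
    my ($action, $info) = @_;
    for my $key (sort keys %$info) {
        my $v = url_decode($info->{$key});
        return 1 if $v =~ m{\.\.[/\\]|[/\\]\.\.|^[/\\]|\x00};
    }
    return 0;
}

# Constructed sample requests (not taken from the thread).
my @samples = (
    [ 'bannerredirect', { action => 'bannerredirect', id => '7' } ],
    [ 'bannerredirect', { action => 'bannerredirect', id => 'some..\..\path' } ],
    [ 'display',        { action => 'display',        id => '../other' } ],
    [ 'display',        { action => 'display',        id => '%2e%2e/other' } ],
);
for my $s (@samples) {
    my ($action, $info) = @$s;
    printf "%-15s id=%-15s weak=%d strict=%d\n", $action, $info->{id},
        weak_check($action, $info), strict_check($action, $info);
}
```

Only the first sample is clean; the exempted check passes the other three (the exempt action, a "../" form its pattern never matches, and an encoded form), while the strict check flags all of them.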