vb.org Archive

Proxy Hack v1.0 (https://vborg.vbsupport.ru/showthread.php?t=38358)

Stadler 11-15-2002 08:15 PM

Well, you need to run this query in order to add this field to your 'post'-Table.

If you're not able to add this field through the query I can't help you, sorry.

Asendin 11-15-2002 09:05 PM

Can the query be done through SSH?

Maybe there is a bug in my cPanel version; I have never had a problem with running a query before.

Stadler 11-15-2002 11:16 PM

I don't know. I'm doing all Database Maintenance and all queries through phpMyAdmin, but I think you should be able to execute the query if you're logged into your forum's database. Well ... I prefer phpMyAdmin for this.

Just an idea, but maybe you should upgrade to phpMyAdmin 2.3.2 and then retry to apply the query again through phpMyAdmin?

Asendin 11-15-2002 11:32 PM

it is version 2.3.2

MySQL 3.23.53

thanks

350Chevy 11-26-2002 06:57 AM

I installed this hack but it barely works..

To test it I used 5 well known proxy web based cgi engines and it only detected one. On top of that, the one that it DID detect said my IP was someone WAY off from what it really is.

Great idea, great concept and it does sort of work but I'm just letting you know this needs much more work and should probably still be in the BETA forum.

Takara 11-26-2002 07:39 AM

It's dependent on the proxy and such. Normal ISP proxies and non-anon proxies give your IP, but not all. So the code is not beta.

Paul 12-10-2002 03:25 AM

A Bugtraq subscriber released an XSS vulnerability today involving Ikonboard and a similar feature to this hack in that forum. Preventative measures should probably be taken with this hack:

Quote:

2. Via X-Forwarded-For: header.

User's IPs are available for admin. If user accesses Ikonboard via
Proxy, X-Forwarded-For: header is shown instead of proxy IP without
filtering. Length is limited to 16 characters, but it's still possible
to do something interesting with 2 requests <script>/* and */<script>.

Best wishes,
Paul

Stadler 12-10-2002 10:21 AM

Well ... why reinvent the wheel? Just use the XSS-Fix from vB2.2.9:

IN newthread.php AND newreply.php FIND
Code:

    } else {
      $proxyip="";
    }

ADD AFTER THAT
Code:

    $proxyip=xss_clean($proxyip);

Be aware that this fix needs vB2.2.9 and above.

Stadler

Bison 12-10-2002 04:25 PM

Are there any more methods of checking proxies than this:

Code:

       
    if ($HTTP_SERVER_VARS['HTTP_FORWARDED']!="") {
      $proxyip=$HTTP_SERVER_VARS['HTTP_FORWARDED'];
    } elseif ($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']!="") {
      $proxyip=$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
    } elseif ($HTTP_SERVER_VARS['HTTP_CLIENT_IP']!="") {
      $proxyip=$HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    } else {
      $proxyip="";
    }
    $proxyip=xss_clean($proxyip);

All this seems to do is match similarities in the actual IP address ... doesn't do a good job at detecting proxies. I have tested this code with all types of proxies and I ain't getting nothing! :(

Talisman 12-11-2002 04:50 AM

We're getting odd results, too. It's noting people with proxies who don't use them. Not quite sure what to think now.
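
The header check posted above, rewritten as an added example (not part of the original thread or of the hack itself): instead of cleaning the header value, it accepts only syntactically valid IP addresses and escapes again on output. It assumes modern PHP (a `$_SERVER`-style array and `filter_var`); the function names `proxy_header_ips` and `render_proxy_ips` are hypothetical.

```php
<?php
// Added example, not the hack's code. Assumes PHP >= 7 (filter_var, type hints).
// Function names are hypothetical.

/**
 * Collect the proxy headers as a list of syntactically valid IP literals.
 * Anything else (markup, script fragments, hostnames) is dropped before it
 * can reach the 'post' table or the admin view.
 */
function proxy_header_ips(array $server): array
{
    $ips = [];
    // HTTP_FORWARDED is left out: the standardised Forwarded header
    // (RFC 7239) carries "for=...;proto=..." pairs, not a bare IP.
    foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'] as $key) {
        if (empty($server[$key])) {
            continue;
        }
        // X-Forwarded-For can hold a comma-separated chain of addresses.
        foreach (explode(',', $server[$key]) as $candidate) {
            $candidate = trim($candidate);
            if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                $ips[] = $candidate;
            }
        }
    }
    return array_values(array_unique($ips));
}

/** Escape on output too, in case older rows were stored unvalidated. */
function render_proxy_ips(array $ips): string
{
    return htmlspecialchars(implode(', ', $ips), ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests (not taken from real traffic).
$samples = [
    ['HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.2'], // proxy chain
    ['HTTP_X_FORWARDED_FOR' => '<script>/*'],            // value from the quoted advisory
    ['HTTP_CLIENT_IP' => '198.51.100.23'],
    [],                                                  // no proxy headers at all
];
foreach ($samples as $server) {
    $ips = proxy_header_ips($server);
    echo $ips ? render_proxy_ips($ips) : '(no valid proxy header)', "\n";
}
```

A value that passes validation is still supplied by the client or an intermediate proxy, so it is a hint for moderators and not proof of the poster's real address.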

