vb.org Archive

vB3 Programming Discussions: To all Coder (https://vborg.vbsupport.ru/showthread.php?t=169100)

Tyran1 01-29-2008 11:21 PM

Quote:

Originally Posted by Roflstilzchen (Post 1432103)
to make a long story short: the original hack was a sports betting addon for the world soccer championship in 2006, and the original coder (TheSisko) doesn't support it anymore and the old download thread doesn't exist anymore either. Tyran1 changed the code into an addon for the European championship 2008, but unfortunately the original code has a security leak (I guess SQL injections) which Tyran is not able to fix by himself.

@tyran: maybe you should provide the hack to the users here, because without it no one will be able to help you, just like Lynne already said.


Thank you.

Ok, the addon is in the attachment.

cheesegrits 01-30-2008 03:34 AM

If it's an SQL injection problem, then it's probably these lines in EM2008.php:

Code:

$sql = "INSERT INTO " . TABLE_PREFIX . "rth_em08_bets (user_id,em_game_number,bet_result,bet_home,bet_visitor)
        VALUES (".$vbulletin->userinfo['userid'].",".$game.",".$result['bet_result'].",".$result['home'].",".$result['visitor'].")";

... where none of those variables being inserted have been cleaned properly.

At the very least, I'd do ...

Code:

$game = $db->escape_string($game);
$result['bet_result'] = $db->escape_string($result['bet_result']);
$result['home'] = $db->escape_string($result['home']);
$result['visitor'] = $db->escape_string($result['visitor']);

... before that query.

-- hugh

Tyran1 01-30-2008 05:24 AM

Quote:

Originally Posted by cheesegrits (Post 1432201)
If it's an SQL injection problem, then it's probably these lines in EM2008.php:

Code:

$sql = "INSERT INTO " . TABLE_PREFIX . "rth_em08_bets (user_id,em_game_number,bet_result,bet_home,bet_visitor)
        VALUES (".$vbulletin->userinfo['userid'].",".$game.",".$result['bet_result'].",".$result['home'].",".$result['visitor'].")";

... where none of those variables being inserted have been cleaned properly.

At the very least, I'd do ...

Code:

$game = $db->escape_string($game);
$result['bet_result'] = $db->escape_string($result['bet_result']);
$result['home'] = $db->escape_string($result['home']);
$result['visitor'] = $db->escape_string($result['visitor']);

... before that query.

-- hugh

Many thanks!!!!! Sorry that I ask, but was that everything?

--------------- Added (Unix timestamp 1201713109) ---------------

I was further told that these places are apparently also a problem...

Quote:

$vbulletin->input->clean_array_gpc('p', array(
'betgame' => TYPE_ARRAY,

[...]
$userbetcheck = $db->query_first("SELECT count(*) as anzahl FROM " . TABLE_PREFIX . "rth_em08_bets
WHERE user_id = ".$vbulletin->userinfo['userid']."
AND em_game_number = ".$game."");
and

Quote:

//phase?
$default_phase = ($em_now < $phase2_timestamp) ? 1 : 2;
$_GET['phase'] = (!empty($_GET['phase'])) ? $_GET['phase'] : $default_phase;
$show['phase'] = $_GET['phase'];
$phase_name = $vbphrase['EM2008_phase'.$_GET['phase']];
$_GET['phase'] = $phase_array[$_GET['phase']];
--------------- Added (Unix timestamp 1201713261) ---------------

Someone wrote me: "Those are not strings, or rather they should not be. => Run intval() or another method over them to guarantee that they really are integers."

cheesegrits 01-30-2008 03:20 PM

Yes, I just pointed out the obvious one. There is other work that needs doing to properly sanitize your inputs.

Basically any user input you use in a query should be cleaned properly - that is, make sure it's been through the vbulletin GPC cleaner, and unless you have specific reasons not to, use escape_string.

And of course NEVER use $_GET, $_POST or $_REQUEST directly. Always run all input through the vbulletin GPC cleaner.

Suggest you read this excellent article:

https://vborg.vbsupport.ru/showthread.php?t=154411

-- hugh
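The two points made in this thread (cast the integer parameters instead of trusting $_GET/$_POST, and let the GPC cleaner declare the type of every field before it reaches a query) put together as a reworked version of the INSERT and the phase lookup. This is an added example, not code from the EM2008 addon or from hugh; the form field names bethome/bethome/betvisitor, the use of $vbulletin->GPC['betgame'] as a game_number => result map, and $phase_value are assumptions, since the thread does not show the form.

```php
<?php
// Added example (not from the EM2008 addon): hardened bet INSERT and phase lookup.
// Assumes vBulletin 3's $vbulletin and $db are in scope (addon loaded after
// global.php) and that $phase_array, $em_now and $phase2_timestamp are defined
// earlier in EM2008.php. Form field names below are assumed, not from the thread.

// 1. Declare every field's type so the GPC cleaner casts it. Game numbers and
//    bets are integers, so TYPE_UINT / TYPE_ARRAY_UINT, never TYPE_STR.
$vbulletin->input->clean_array_gpc('p', array(
    'betgame'    => TYPE_ARRAY_UINT,  // assumed: game_number => result code
    'bethome'    => TYPE_ARRAY_UINT,  // assumed: game_number => home goals
    'betvisitor' => TYPE_ARRAY_UINT,  // assumed: game_number => visitor goals
));
$vbulletin->input->clean_array_gpc('g', array(
    'phase' => TYPE_UINT,
));

$userid = intval($vbulletin->userinfo['userid']);

foreach ($vbulletin->GPC['betgame'] as $game => $bet_result)
{
    // The array cleaner casts values, not keys: cast the key at point of use.
    $game        = intval($game);
    $bet_result  = intval($bet_result);
    $bet_home    = intval($vbulletin->GPC['bethome'][$game]);
    $bet_visitor = intval($vbulletin->GPC['betvisitor'][$game]);

    // Once cast to int, interpolation is safe. Any column that genuinely holds
    // a string would instead be wrapped as '" . $db->escape_string($s) . "'.
    $db->query_write("
        INSERT INTO " . TABLE_PREFIX . "rth_em08_bets
            (user_id, em_game_number, bet_result, bet_home, bet_visitor)
        VALUES
            ($userid, $game, $bet_result, $bet_home, $bet_visitor)
    ");
}

// 2. Phase selection: whitelist against the known keys instead of letting a
//    raw $_GET['phase'] index $phase_array and $vbphrase.
$default_phase = ($em_now < $phase2_timestamp) ? 1 : 2;
$phase = $vbulletin->GPC['phase'];          // 0 when absent or non-numeric
if (!isset($phase_array[$phase]))
{
    $phase = $default_phase;
}
$show['phase'] = $phase;
$phase_name    = $vbphrase['EM2008_phase' . $phase];
$phase_value   = $phase_array[$phase];      // replaces overwriting $_GET['phase']
```

The same pattern applies to the $userbetcheck SELECT quoted above: with $game cast by intval() there is nothing left in that WHERE clause for user input to break out of.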

Tyran1 02-02-2008 04:36 PM

Thank you @all.

The thread can be closed!

