vb.org Archive


Tyran1 01-29-2008 08:42 PM

To all Coder
 
I world championship has circumscribed then in 2006 tip play minced meat in EM 2008 tip play.

The minced meat functions perfectly.
Unfortunately, there are, however, security problems with the minced meat.

The minced meat has 3 files,
it would be nice if somebody could be found to close the security hole.

Thank many

Sorry for my English

Coders Shack 01-29-2008 09:02 PM

You need a better translation program; I can't understand what you need.

Roflstilzchen 01-29-2008 09:07 PM

He needs help with an addon which seems to have a security leak.

Coders Shack 01-29-2008 09:10 PM

minced meat?

Tyran1 01-29-2008 09:13 PM

Quote:

Originally Posted by Coders Shack (Post 1432031)
You need a better translation program; I can't understand what you need.

Yes, I have a problem with an addon.
Yes, the addon has a security leak.

Roflstilzchen 01-29-2008 09:18 PM

Quote:

Originally Posted by Tyran1 (Post 1432044)
Yes, I have a problem with an addon.
Yes, the addon has a security leak.

try http://de.babelfish.yahoo.com/ ;)

Tyran1 01-29-2008 09:25 PM

I have the WM addon from The Sisko into the EM 2008 addon!
That addon runs without problems however has chop security problems...
unfortunately I cannot do that

Help me, please!

Lynne 01-29-2008 10:07 PM

Where did you get this hack? Have you tried posting in the thread you got the hack in? They are probably better able to help you with the security problem. We can't help you if we don't have the code (and probably can't even then).

Tyran1 01-29-2008 10:43 PM

Quote:

Originally Posted by Lynne (Post 1432076)
Where did you get this hack? Have you tried posting in the thread you got the hack in? They are probably better able to help you with the security problem. We can't help you if we don't have the code (and probably can't even then).

The creator of this Addon of it makes however nothing more white, unfortunately. Me only communicated in addon security of problems gives more white I also not.

In German:

http://www.vbulletin-germany.org/showthread.php?t=1518

Roflstilzchen 01-29-2008 10:53 PM

To make a long story short: the original hack was a sports betting addon for the world soccer championship in 2006, and the original coder (TheSisko) doesn't support it anymore and the old download thread doesn't exist either. Tyran1 changed the code into an addon for the European championship 2008, but unfortunately the original code has a security leak (I guess SQL injections) which Tyran is not able to fix by himself.

@tyran: maybe you should provide the hack to the users here, because without it no one will be able to help you, just like Lynne already said.

Tyran1 01-29-2008 11:21 PM

Quote:

Originally Posted by Roflstilzchen (Post 1432103)
To make a long story short: the original hack was a sports betting addon for the world soccer championship in 2006, and the original coder (TheSisko) doesn't support it anymore and the old download thread doesn't exist either. Tyran1 changed the code into an addon for the European championship 2008, but unfortunately the original code has a security leak (I guess SQL injections) which Tyran is not able to fix by himself.

@tyran: maybe you should provide the hack to the users here, because without it no one will be able to help you, just like Lynne already said.


Thank you.

Ok the Addon in the appendix

cheesegrits 01-30-2008 03:34 AM

If it's an SQL injection problem, then it's probably these lines in EM2008.php:

Code:

$sql = "INSERT INTO " . TABLE_PREFIX . "rth_em08_bets (user_id,em_game_number,bet_result,bet_home,bet_visitor)
        VALUES (".$vbulletin->userinfo['userid'].",".$game.",".$result['bet_result'].",".$result['home'].",".$result['visitor'].")";

... where none of those variables being inserted have been cleaned properly.

At the very least, I'd do ...

Code:

$game = $db->escape_string($game);
$result['bet_result'] = $db->escape_string($result['bet_result']);
$result['home'] = $db->escape_string($result['home']);
$result['visitor'] = $db->escape_string($result['visitor']);

... before that query.

-- hugh

Tyran1 01-30-2008 05:24 AM

Quote:

Originally Posted by cheesegrits (Post 1432201)
If it's an SQL injection problem, then it's probably these lines in EM2008.php:

Code:

$sql = "INSERT INTO " . TABLE_PREFIX . "rth_em08_bets (user_id,em_game_number,bet_result,bet_home,bet_visitor)
        VALUES (".$vbulletin->userinfo['userid'].",".$game.",".$result['bet_result'].",".$result['home'].",".$result['visitor'].")";

... where none of those variables being inserted have been cleaned properly.

At the very least, I'd do ...

Code:

$game = $db->escape_string($game);
$result['bet_result'] = $db->escape_string($result['bet_result']);
$result['home'] = $db->escape_string($result['home']);
$result['visitor'] = $db->escape_string($result['visitor']);

... before that query.

-- hugh

Many thank you!!!!! Sorry which I ask however was that everything?

--------------- Added [DATE]1201713109[/DATE] at [TIME]1201713109[/TIME] ---------------

One has me further to place called these obviously also a problem to explain...

Quote:

$vbulletin->input->clean_array_gpc('p', array(
'betgame' => TYPE_ARRAY,

[...]
$userbetcheck = $db->query_first("SELECT count(*) as anzahl FROM " . TABLE_PREFIX . "rth_em08_bets
WHERE user_id = ".$vbulletin->userinfo['userid']."
AND em_game_number = ".$game."");
and

Quote:

//phase?
$default_phase = ($em_now < $phase2_timestamp) ? 1 : 2;
$_GET['phase'] = (!empty($_GET['phase'])) ? $_GET['phase'] : $default_phase;
$show['phase'] = $_GET['phase'];
$phase_name = $vbphrase['EM2008_phase'.$_GET['phase']];
$_GET['phase'] = $phase_array[$_GET['phase']];
--------------- Added [DATE]1201713261[/DATE] at [TIME]1201713261[/TIME] ---------------

Someone wrote to me: "Those are not strings, or at least should not be. => intval() or another method to guarantee that they are integers."

cheesegrits 01-30-2008 03:20 PM

Yes, I just pointed out the obvious one. There is other work that needs doing to properly sanitize your inputs.

Basically any user input you use in a query should be cleaned properly - that is, make sure it's been through the vbulletin GPC cleaner, and unless you have specific reasons not to, use escape_string.

And of course NEVER use $_GET, $_POST or $_REQUEST directly. Always run all input through the vbulletin GPC cleaner.

Suggest you read this excellent article:

https://vborg.vbsupport.ru/showthread.php?t=154411

-- hugh
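
Added example (not part of the thread and not the add-on's code): the values in the INSERT above sit in unquoted numeric positions, so the sketch below validates each one as a bounded integer before building the query, which is the intval()-style approach mentioned earlier in the thread. The helper names, the `vb_` prefix, the numeric limits and the shape of the `betgame` array are assumptions, and `addslashes()` stands in for `$db->escape_string()`.

```php
<?php
// addslashes() stands in for $db->escape_string(); both only escape quote-like characters.

// Accept 1-4 decimal digits no larger than $max; return null for anything else.
function clean_uint($value, $max)
{
    if (!is_scalar($value) || !preg_match('/^[0-9]{1,4}$/D', (string) $value)) {
        return null;
    }
    $int = (int) $value;
    return ($int <= $max) ? $int : null;
}

// Build one INSERT per valid bet. Invalid entries are skipped, not "repaired".
// Limits (64 games, result 0-2, 99 goals) are assumptions for this sketch.
function build_bet_inserts(array $betgame, $userid, $prefix = 'vb_')
{
    $queries = array();
    foreach ($betgame as $game => $bet) {
        if (!is_array($bet)) { continue; }
        $clean = array(
            clean_uint($game, 64),
            clean_uint(isset($bet['bet_result']) ? $bet['bet_result'] : null, 2),
            clean_uint(isset($bet['home']) ? $bet['home'] : null, 99),
            clean_uint(isset($bet['visitor']) ? $bet['visitor'] : null, 99),
        );
        if (in_array(null, $clean, true)) { continue; }
        $queries[] = vsprintf(
            'INSERT INTO ' . $prefix . 'rth_em08_bets'
            . ' (user_id,em_game_number,bet_result,bet_home,bet_visitor)'
            . ' VALUES (' . (int) $userid . ',%d,%d,%d,%d)',
            $clean
        );
    }
    return $queries;
}

// Constructed sample input; the shape of the POSTed 'betgame' array is assumed.
$betgame = array(
    '12'       => array('bet_result' => '1', 'home' => '2', 'visitor' => '0'),
    '1 OR 1=1' => array('bet_result' => '1', 'home' => '2', 'visitor' => '0'),
    '13'       => array('bet_result' => '1', 'home' => '2x', 'visitor' => '-5'),
);

// Compare what escaping does to a quote-free value with what the typed check accepts.
var_dump(addslashes('1 OR 1=1') === '1 OR 1=1');
print_r(build_bet_inserts($betgame, 42));
```

Inside vBulletin the same typing is available from the GPC cleaner through integer types such as TYPE_UINT, with per-element checks still needed for a nested TYPE_ARRAY input like `betgame`.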

Tyran1 02-02-2008 04:36 PM

Thank you @all.

The thread can be closed!


All times are GMT.