Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > Premium Archives > ibProArcade Archive

Reply
 
Thread Tools
Alternate fix to injection code in comments Details »»
Alternate fix to injection code in comments
Version: , by rpgamersnet rpgamersnet is offline
Developer Last Online: Nov 2013 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 02-28-2012 Last Update: Never Installs: 0
 
No support by the author.

So, in another thread it was mentioned that the current fix may get the job done, its also filtering out good data. There must be some proper solution to handle incoming comment data securely. I thought I would start a discussion in regards to finding an alternate fix to the problem then the one currently available.

The problem: Users input data into comments that is executed and causes trouble.

Solution ideas: Escape incoming data so that it cannot execute? Allow only alphanumeric comment data and write the SQL statements so that they cannot be broken out?

I will be the first to admit I am not a professional coder, although I do write a lot of code myself. I haven't taken a long look at how the comments are currently handled, but plan to. Lets pool some ideas and help MrZeroPage come up with a more solid fix!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #12  
Old 02-29-2012, 08:58 PM
Mark.B Mark.B is offline
Senior Member
 
Join Date: Feb 2004
Posts: 1,354
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

But the code Stangger has posted is NOT what changed in 2.7.2.
Reply With Quote
  #13  
Old 02-29-2012, 09:12 PM
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Location: USA, New Jersey
Posts: 2,392
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

stangger5 knows this mod better than anyone here.. so trust what he says ...
he has tested this out for the last few days...
Reply With Quote
  #14  
Old 02-29-2012, 10:19 PM
stangger5's Avatar
stangger5 stangger5 is offline
 
Join Date: Jan 2005
Location: Online
Posts: 1,130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Mark.B View Post
But the code Stangger has posted is NOT what changed in 2.7.2.
MrZ changed this:
2.7.1
PHP Code:
$ibforums->input['s_id'] = ibp_cleansql($ibforums->input['s_id']); 
to this:
2.7.2
PHP Code:
$ibforums->input['s_id'] = intval(ibp_cleansql($ibforums->input['s_id'])); 
I have this:

PHP Code:
$ibforums->input['s_id'] = intval($ibforums->input['s_id']); 
MrZ`s code is tring to clean the int data .
I`m no guru like MrZ...

--------------- Added [DATE]1330558171[/DATE] at [TIME]1330558171[/TIME] ---------------

To get this thread back on track,,here is a very good read for the ones wanting to learn some of the vBulletin Input Cleaner..

Using the vBulletin Input Cleaner
Reply With Quote
  #15  
Old 02-29-2012, 10:35 PM
rpgamersnet rpgamersnet is offline
 
Join Date: Jul 2004
Location: Canada
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I guess my question was just if the other part that was added is needed, the looping replace function that removes SQL words from comments (but also removes good data). It is near the bottom of the 2.7.2 arcade.php ... needed or just playing it safe?
Reply With Quote
  #16  
Old 02-29-2012, 10:47 PM
stangger5's Avatar
stangger5 stangger5 is offline
 
Join Date: Jan 2005
Location: Online
Posts: 1,130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think,,its playing it safe...Which is not a bad thing these days...

I`m looking into using the vBulletin Input Cleaner instead of the ibp_cleansql..
Reply With Quote
  #17  
Old 02-29-2012, 11:03 PM
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Location: USA, New Jersey
Posts: 2,392
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by rpgamersnet View Post
I guess my question was just if the other part that was added is needed, the looping replace function that removes SQL words from comments (but also removes good data). It is near the bottom of the 2.7.2 arcade.php ... needed or just playing it safe?
what good data is it removing ?
Reply With Quote
  #18  
Old 03-01-2012, 12:14 PM
rpgamersnet rpgamersnet is offline
 
Join Date: Jul 2004
Location: Canada
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Hippy View Post
what good data is it removing ?
If you refer to this post: https://vborg.vbsupport.ru/showpost....91&postcount=5

The code I am asking about is the loop that removes all the SQL keywords from the comments. Most I'm sure won't come across in normal comments, but filtering out parts like "or" and "and" are going to catch and mess up standard comments, as given in the example on that post.

"I got the high score!" becomes "I got the high sce!"

"Got a great hand on the last round!" -> "Got a great h on the last round"

Some basic words will get filtered as well, not just the bad SQL data, which is why I suggested that maybe this fix is not the best solution. Code I am questioning is quoted here:

PHP Code:
function recursive_str_ireplace($replacethis,$withthis,$inthis)
{
    while (
1==1)
    {
        
$inthis str_ireplace($replacethis,$withthis,$inthis);
        if(
stristr($inthis$replacethis) === FALSE)
        {
            RETURN 
$inthis;
        }
    }
    RETURN 
$inthis;

PHP Code:
 // remove any SQL-commands
    
$sqlcomm[] = 'create';
    
$sqlcomm[] = 'database';
    
$sqlcomm[] = 'table';
    
$sqlcomm[] = 'insert';
    
$sqlcomm[] = 'update';
    
$sqlcomm[] = 'rename';
    
$sqlcomm[] = 'replace';
    
$sqlcomm[] = 'select';
    
$sqlcomm[] = 'handler';
    
$sqlcomm[] = 'delete';
    
$sqlcomm[] = 'truncate';
    
$sqlcomm[] = 'drop';
    
$sqlcomm[] = 'where';
    
$sqlcomm[] = 'or';
    
$sqlcomm[] = 'and';
    
$sqlcomm[] = 'values';
    
$sqlcomm[] = 'set';
    
$sqlcomm[] = 'password';
    
$sqlcomm[] = 'salt';
    
$sqlcomm[] = 'concat';
    
$sqlcomm[] = 'schema';
    
$value recursive_str_ireplace($sqlcomm''$value); 
Some recent threads have started to appear complaining of errors appearing, this new code is also the source of those new problems; the new recursive_str_ireplace loop to replace these parts of the comment field.... and any other field being filtered by the ibp_cleansql function.
Reply With Quote
  #19  
Old 03-01-2012, 08:32 PM
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Location: USA, New Jersey
Posts: 2,392
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks .. do this https://vborg.vbsupport.ru/showpost....3&postcount=13
and pull the new code added out..
this will do the job.. but does not work on all servers..

stangger5 is going to work this out ..
I think code it to the way vb does it ..
but this is not set in stone ATM.. just a twinkle in the sky
Reply With Quote
  #20  
Old 03-02-2012, 01:11 AM
rpgamersnet rpgamersnet is offline
 
Join Date: Jul 2004
Location: Canada
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Hippy View Post
thanks .. do this https://vborg.vbsupport.ru/showpost....3&postcount=13
and pull the new code added out..
this will do the job.. but does not work on all servers..

stangger5 is going to work this out ..
I think code it to the way vb does it ..
but this is not set in stone ATM.. just a twinkle in the sky
Yep I already made the change he noted If I knew more about the inner workings of VB I'd offer to try to be of more help, but I have never messed with mods much myself. Look forward to any fixes that might arise

Thanks to everyone for helping out! Great community this mod has.
Reply With Quote
  #21  
Old 03-02-2012, 01:30 AM
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Location: USA, New Jersey
Posts: 2,392
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

stannger5 can explain more about it but this is what I use since the other will kill wanted stuff...
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:01 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04795 seconds
  • Memory Usage 2,328KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete