Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page Input Cleaning
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-26-2006, 11:20 PM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Input Cleaning
Okay, somebody save me from myself. I can't get my request to clean.

Code:
$pw = $vbulletin->userinfo[password];
$string = md5($pw);
$h =& $vbulletin->input->clean_gpc('r', 'h', TYPE_UINT);

if ($_REQUEST['do'] == 'unsub')
{
   if (md5($h) === $string)
   {
       echo 'correct';
   }
   else
   {
       echo 'incorrect';
   }
}
Now, if I go ahead and just use $_GET instead of cleaning, it works fine -- but it fails if I try to use the cleaned var. What am I missing here?
Reply With Quote
  #2  
Old 08-26-2006, 11:47 PM
Code Monkey's Avatar
Code Monkey Code Monkey is offline
 
Join Date: May 2004
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
PHP Code:
$pw $vbulletin->userinfo[password];
$string md5($pw);
$vbulletin->input->clean_array_gpc('r', array(
    'h' => TYPE_UINT
));

if ($_REQUEST['do'] == 'unsub')
{
    echo (md5($vbulletin->GPC['h']) === $string) ? 'correct' 'incorrect';
Reply With Quote
  #3  
Old 08-27-2006, 12:34 AM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Still fails incorrect. That's alright though, I'm just going to use $_GET -- it never touches SQL, so I don't see how it could be exploited.
Reply With Quote
  #4  
Old 08-27-2006, 12:51 AM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Why are are seeing if the hash is an integer? Shouldn't it be TYPE_STR?

PHP Code:
$pw $vbulletin->userinfo[password];
$string md5($pw);
$vbulletin->input->clean_array_gpc('r', array(
    'h' => TYPE_STR
));

if ($_REQUEST['do'] == 'unsub')
{
    echo (md5($vbulletin->GPC['h']) === $string) ? 'correct' 'incorrect';
Reply With Quote
  #5  
Old 08-27-2006, 12:58 AM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Ha ha... wow. Thanks Harmor, I'm feeling a wee bit stupid.
Reply With Quote
  #6  
Old 08-27-2006, 01:08 AM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by acidburn0520
Ha ha... wow. Thanks Harmor, I'm feeling a wee bit stupid.
Everybody has one of those days.
I gave you the idea and I fixed your code.
I want some credit


j/k
Good luck on your hack
Reply With Quote
  #7  
Old 08-27-2006, 01:19 AM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Ha ha, well I reminded you of your missing table prefixes!

Don't worry, I'll mention ya.

(small print though)
Reply With Quote
  #8  
Old 08-27-2006, 02:30 AM
Code Monkey's Avatar
Code Monkey Code Monkey is offline
 
Join Date: May 2004
Posts: 1,080
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There was more wrong than just that.
Reply With Quote
  #9  
Old 08-27-2006, 03:05 AM
Kirk Y's Avatar
Kirk Y Kirk Y is offline
 
Join Date: Apr 2005
Location: Tallahassee, Florida
Posts: 2,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What else is wrong? Because it's working fine now after changing the type.
Reply With Quote
  #10  
Old 08-27-2006, 03:36 AM
harmor19 harmor19 is offline
 
Join Date: Apr 2005
Posts: 1,324
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
We love seeing you make an ass out of yourself.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 03:41 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05547 seconds
  • Memory Usage 2,261KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete