From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Fri, 7 May 2004 09:53:30 +0300 From: Michael Shigorin To: ALT Linux Sisyphus discussion list Message-ID: <20040507065330.GJ10997@osdn.org.ua> Mail-Followup-To: ALT Linux Sisyphus discussion list References: <4099E5C0.2060103@syktsu.ru> <200405061124.48348.aris@altlinux.ru> <4099EF78.5060703@syktsu.ru> <20040506202608.GA10997@osdn.org.ua> <409B2368.8010203@syktsu.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dgjlcl3Tl+kb3YDk" Content-Disposition: inline In-Reply-To: <409B2368.8010203@syktsu.ru> User-Agent: Mutt/1.4.2.1i Subject: [sisyphus] Re: [JT] Re: =?koi8-r?b?0NLPwszFzcEg0yDV09TBzs/Xy8/K?= lineakconfig X-BeenThere: sisyphus@altlinux.ru X-Mailman-Version: 2.1.4 Precedence: list Reply-To: ALT Linux Sisyphus discussion list List-Id: ALT Linux Sisyphus discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 May 2004 06:53:35 -0000 Archived-At: List-Archive: --dgjlcl3Tl+kb3YDk Content-Type: multipart/mixed; boundary="5oH/S/bF6lOfqCQb" Content-Disposition: inline --5oH/S/bF6lOfqCQb Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 07, 2004 at 09:49:28AM +0400, Vladimir Lettiev wrote: > >>=E1 =D4=CF =D0=CF=C8=CF=D6=C5 =D0=D2=C9=C5=CD=CC=C5=CD=D9=CA =C4=CC=D1 = =CE=CF=D7=C9=DE=CB=C1 GUI =D7=C9=D6=D5 =D4=CF=CC=D8=CB=CF =D5 sven... > >=EF=CE, =CB=D3=D4=C1=D4=C9, =D0=C5=D2=C5=C5=DA=D6=C1=C5=D4 =D0=CF=C4 "= =CB=D2=D9=DB=D5" linux.kiev.ua. :) > =C8=CF=D3=D4=C9=D4=D3=D1 =CE=C1 linux.kiev.ua? =F7 =D0=D2=CF=C3=C5=D3=D3=C5 =D0=C5=D2=C5=C5=DA=C4=C1. > =E1 =D1 =DA=C1=DB=A3=CC =CE=C1 =D3=C1=CA=D4 linux.kiev.ua =C9 =D5=D7=C9= =C4=C5=CC =D3=D4=D2=C1=CE=CE=D5=C0 =CE=CF=D7=CF=D3=D4=D8 =CF > =C4=C5=C6=C5=CA=D3=C5... =FC=D4=CF =D4=C1=CB =DA=C1=C4=D5=CD=C1=CE=CF? := )) =FC=D4=CF =C2=D2=C1=DA=C9=CC=D8=D3=CB=C9=C5 =CB=C9=C4=C4=C9=D3=D9 =D2=C5=DB= =C9=CC=C9, =DE=D4=CF =D3=D4=C1=D2=C1=D1 =CE=C0=CB=C1 -- =DC=D4=CF =C4=CF=D3= =D4=CF=CA=CE=D9=CA =EE=C1=D3=D4=CF=D1=DD=C9=C8 =FC=CC=C9=D4=CE=D9=C8 =E8=C1=C3=CB=C5=D2=CF=D7 = (tm) =CF=C2=DF=C5=CB=D4, =CB=CF=D4=CF=D2=D9=CA =C4=C1=C5=D4 ROOT. =EE=D5 =DA=C1=D4=CB=CE=D5=CC =DC=D4=CF=D4 union sql injection, =D4=C1=CB = =D0=CF=CE=D1=D4=CE=CF, =DE=D4=CF =D4=C1=CD =C5=DD=C5 =D3 =D0=CF=CC=C4=C0=D6=C9=CE=D9 =CF=D3=D4=C1=CC=CF=D3=D8 =D4=C5=C8, =CB=CF=D4= =CF=D2=D9=C5 =C9 =C2=C5=C7=C1=CC=C9 =D0=CF =C2=C1=C7=D4=D2=C1=CB=D5, =CE=CF= =C2=C5=DA =C6=C9=CB=D3=CF=D7. =EE=D5 =D2=C1=D3=CB=C1=DE=C9=D7=C1=C5=CD=D3=D1 =CD=D9 = =D3 misha@ =D0=C1=D2=D5 =CC=C5=D4 =CB=C1=CB =D3=DF=C5=C8=C1=D4=D8 =CE=C1 =DE=D4=CF-=D4=CF =CE=CF=D2=CD=C1=CC=D8=CE=CF=C5, =D0=CF=D4=CF=CD=D5 =CB=C1= =CB =CE=C0=CB=C1 =D4=C1=CD =C2=D9=CC=C1 =D0=CF=D3=D4=C1=D7=CC=C5=CE=C1 =DE= =D5=D4=D8 =CC=C9 =CE=C5 =CE=C1 =D0=CF=C9=C7=D2=C1=D4=D8=D3=D1 :-) --=20 ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/ --5oH/S/bF6lOfqCQb Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="phpnuke-union-fix_head-of-mainfile.php" Content-Transfer-Encoding: quoted-printable //Union Tap Code (UTC) //Copyright Zhen-Xjell 2004 http://nukecops.com //Beta 4 Code to prevent UNION SQL Injections unset($matches); unset($loc); $loc=3Drawurldecode($_SERVER["QUERY_STRING"]); //This if block catches C-like comment code within all SQL Injections, not = just Union. //White paper available here: http://www.securiteam.com/securityreviews/5FP= 0O0KCKM.html if (strstr($loc,"*")) { die("YOU ARE SLAPPED BY NUKECOPS = BY USING '$loc'."); } //This catches plaintext and base64 version of the Union SQL Injection code. if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) { die("YOU ARE SLAPPED BY NUKECOPS = BY USING '$matches[1]' INSIDE '$loc'."); } // End Hack Attempt=20 --5oH/S/bF6lOfqCQb-- --dgjlcl3Tl+kb3YDk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAmzJqbsPDprYMm3IRAjadAKDC4TZm1bgDnRvasmR+OAiRzf0TCwCggyB3 NsiGiYs2n+2oglscR60B4ak= =ALbG -----END PGP SIGNATURE----- --dgjlcl3Tl+kb3YDk--