|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 349 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Admin Tap XSS Version 3 Patch |
|
 I'm incorporating some of my previous XSS patches into one known now as Admin Tap. The most current is talked about here Version three allows admins to make use to the admin block links from outside the admin CP. Simply install this into your admin.php after the opening PHP tag.
//Admin Tap
//Security XSS Prevention by Zhen-Xjell @ http://NukeCops.com
//Nuke Cops: Official PHP-Nuke Development Team
//Version 3: 26 Apr 2004
//Unsets used to help sites with register_globals on.
unset($refer);
unset($argv);
unset($checkurl);
//Variable assignments
$refer = $_SERVER['HTTP_REFERER'];
$argv = $_SERVER['argv'];
$checkurl = $_SERVER['REQUEST_URI'];
//Check how admin.php applications are accessed.
//Used to prevent XSS hacks like those found in the bbcode IMG tags.
// http://nukecops.com/article1797.html
if ($argv[0] != "") {
if (!preg_match("/op=gfx/", "$argv[0]")) {
if (!preg_match("/op=submission/", "$argv[0]") && !preg_match("/op=downloads/", "$argv[0]")) {
if (!preg_match("/admin.php/", "$refer")) {
echo "<BR>$refer<BR><a href=\"http://nukecops.com\">Nuke Cops Slaps You Silly</a>";
exit;
}
}
}
}
// http://www.nukecops.com/article-1793--0-0.html
// http://www.nukecops.com/article810.html
//Some of these are more redundant at this point than anything else.
if (preg_match("/?admin/", "$checkurl")) {
echo "<a href=\"http://nukecops.com\">Nuke Cops Slaps You Silly</a>";
exit;
}
if (preg_match("/AddAuthor/", "$checkurl")) {
echo "<a href=\"http://nukecops.com\">Nuke Cops Slaps You Silly</a>";
exit;
}
if (preg_match("/UpdateAuthor/", "$checkurl")) {
echo "<a href=\"http://nukecops.com\">Nuke Cops Slaps You Silly</a>";
exit;
}
|
|
Posted on Monday, April 26 @ 22:00:16 CEST by Zhen-Xjell |
|
|
|
|
| |
|
Average Score: 5
Votes: 1
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Admin Tap XSS Version 3 Patch (Score: 1)
by genoxide on Monday, April 26 @ 22:15:51 CEST
(User Info | Send a Message) http://www.projectxero.org | If someone fakes the reference is it possible he can get in?
exp, what if i fake that i came from www.nukecops.com/admin.php? |
| | | | |
Re: Admin Tap XSS Version 3 Patch (Score: 1)
by foxyfemfem on Tuesday, April 27 @ 06:35:11 CEST
(User Info | Send a Message) | Hello,
For those who have register_globals on can't they add something like this to their .htaccess file?.....
php_flag register_globals off |
| | | | |
Re: Admin Tap XSS Version 3 Patch (Score: 1)
by dmolavi on Tuesday, April 27 @ 08:03:52 CEST
(User Info | Send a Message) http://www.nukedgallery.net | | using the admin block on my site, i still get the "NukeCops slaps you silly" page when trying to access the admin page from any other page besides the admin CP. |
| | | | |
Re: Admin Tap XSS Version 3 Patch (Score: 1)
by Mouldy_punk on Sunday, May 16 @ 08:23:27 CEST
(User Info | Send a Message) http://www.mouldypunk.com | I get this error messege
Warning: Compilation failed: nothing to repeat at offset 0 in /hsphere/local/home/gtauknet/gtaisland.gta-shack.com/admin.php on line 46
But I can still use the admin panel but it says that above the header. |
| | | | |
Re: Admin Tap XSS Version 3 Patch (Score: 1)
by jeffulri on Monday, May 17 @ 10:54:10 CEST
(User Info | Send a Message) | | I assume that this is redundant if you're running PHP-Nuke 7.3? |
| | | | | |
