Installation: Modules: NSN Sentinel (page 5/8)
Editing mainfile.php
14 - Edit the file "mainfile.php" located at the root of your site.
15 - Find the following code:
Code:
if (!defined('ADMIN_FILE') && !file_exists('includes/nukesentinel.php')) {
    foreach ($_GET as $sec_key => $secvalue) {
        if((eregi("<[^>]*script*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*style*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*form*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*img*\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*onmouseover *\"?[^>]*", $secvalue)) ||
           (eregi("<[^>]*body *\"?[^>]*", $secvalue)) ||
           (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
           (eregi("\"", $secvalue)) ||
           (eregi("forum_admin", $sec_key)) ||
           (eregi("inside_mod", $sec_key))) {
            die ($htmltags);
        }
    }
    foreach ($_POST as $secvalue) {
        if ((eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]*body*\"?[^>]*", $secvalue)) ||
            (eregi("<[^>]style*\"?[^>]*", $secvalue))) {
            die ($htmltags);
        }
    }
}
and replace it with the following:
Code:
//if (!defined('ADMIN_FILE') && !file_exists('includes/nukesentinel.php')) {
//    foreach ($_GET as $sec_key => $secvalue) {
//        if((eregi("<[^>]*script*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*style*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*form*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*img*\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*onmouseover *\"?[^>]*", $secvalue)) ||
//           (eregi("<[^>]*body *\"?[^>]*", $secvalue)) ||
//           (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
//           (eregi("\"", $secvalue)) ||
//           (eregi("forum_admin", $sec_key)) ||
//           (eregi("inside_mod", $sec_key))) {
//            die ($htmltags);
//        }
//    }
//    foreach ($_POST as $secvalue) {
//        if ((eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]*body*\"?[^>]*", $secvalue)) ||
//            (eregi("<[^>]style*\"?[^>]*", $secvalue))) {
//            die ($htmltags);
//        }
//    }
//}
16 - Find the following code:
Code:
// Define the INCLUDE PATH
if(defined('FORUM_ADMIN')) {
    define('INCLUDE_PATH', '../../../');
} elseif(defined('INSIDE_MOD')) {
    define('INCLUDE_PATH', '../../');
} else {
    define('INCLUDE_PATH', './');
}
// Include the required files
@require_once(INCLUDE_PATH."config.php");
if(!$dbname) {
    die("<br><br><center><img src=images/logo.gif><br><br><b>There seems that PHP-Nuke isn't installed yet.<br>(The values in config.php file are the default ones)<br><br>You can proceed with the <a href='./install/index.php'>web installation</a> now.</center></b>");
}
@require_once(INCLUDE_PATH."db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
@require_once(INCLUDE_PATH."includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
@require_once(INCLUDE_PATH."includes/ipban.php");
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
    @include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}
and replace it with the following:
Code:
// Define the INCLUDE PATH
if(defined('FORUM_ADMIN')) {
    define('INCLUDE_PATH', '../../../');
} elseif(defined('INSIDE_MOD')) {
    define('INCLUDE_PATH', '../../');
} else {
    define('INCLUDE_PATH', './');
}
// Include the required files
@require_once(INCLUDE_PATH."config.php");
if(!$dbname) {
    die("<br><br><center><img src=images/logo.gif><br><br><b>There seems that PHP-Nuke isn't installed yet.<br>(The values in config.php file are the default ones)<br><br>You can proceed with the <a href='./install/index.php'>web installation</a> now.</center></b>");
}
@require_once(INCLUDE_PATH."db/db.php");
@require_once(INCLUDE_PATH."includes/nukesentinel.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
@require_once(INCLUDE_PATH."includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
//@require_once(INCLUDE_PATH."includes/ipban.php");
if (file_exists(INCLUDE_PATH."includes/custom_files/custom_mainfile.php")) {
    @include_once(INCLUDE_PATH."includes/custom_files/custom_mainfile.php");
}
17 - Find the following code:
Code:
if ((!isset($admin) OR (isset($admin) AND !is_admin($admin))) AND (stristr($postString,'%20union%20')) OR (stristr($postString,'*/union/*')) OR (stristr($postString,' union ')) OR (stristr($postString_64,'%20union%20')) OR (stristr($postString_64,'*/union/*')) OR (stristr($postString_64,' union ')) OR (stristr($postString_64,'+union+')) OR (stristr($postString,'http-equiv')) OR (stristr($postString_64,'http-equiv')) OR (stristr($postString,'alert(')) OR (stristr($postString_64,'alert(')) OR (stristr($postString,'javascript:')) OR (stristr($postString_64,'javascript:')) OR (stristr($postString,'document.cookie')) OR (stristr($postString_64,'document.cookie')) OR (stristr($postString,'onmouseover=')) OR (stristr($postString_64,'onmouseover=')) OR (stristr($postString,'document.location')) OR (stristr($postString_64,'document.location'))) {
    header("Location: index.php");
    die();
}
// Additional security (Union, CLike, XSS)
if(!file_exists('includes/nukesentinel.php')) {
    //Union Tap
    //Copyright Zhen-Xjell 2004 http://nukecops.com
    //Beta 3 Code to prevent UNION SQL Injections
    unset($matches);
    unset($loc);
    if(isset($_SERVER['QUERY_STRING'])) {
        if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
            die('Illegal Operation');
        }
    }
    if(!isset($admin) OR (isset($admin) AND !is_admin($admin))) {
        $queryString = $_SERVER['QUERY_STRING'];
        if (($_SERVER['PHP_SELF'] != "/index.php") OR !isset($url)) {
            if (stristr($queryString,'http://')) die('Illegal Operation');
        }
        if ((stristr($queryString,'%20union%20')) OR (stristr($queryString,'/*')) OR (stristr($queryString,'*/union/*')) OR (stristr($queryString,'c2nyaxb0')) OR (stristr($queryString,'+union+')) OR ((stristr($queryString,'cmd=')) AND (!stristr($queryString,'&cmd'))) OR ((stristr($queryString,'exec')) AND (!stristr($queryString,'execu'))) OR (stristr($queryString,'concat'))) {
            die('Illegal Operation');
        }
    }
}
and replace it with the following:
Code:
//if ((!isset($admin) OR (isset($admin) AND !is_admin($admin))) AND (stristr($postString,'%20union%20')) OR (stristr($postString,'*/union/*')) OR (stristr($postString,' union ')) OR (stristr($postString_64,'%20union%20')) OR (stristr($postString_64,'*/union/*')) OR (stristr($postString_64,' union ')) OR (stristr($postString_64,'+union+')) OR (stristr($postString,'http-equiv')) OR (stristr($postString_64,'http-equiv')) OR (stristr($postString,'alert(')) OR (stristr($postString_64,'alert(')) OR (stristr($postString,'javascript:')) OR (stristr($postString_64,'javascript:')) OR (stristr($postString,'document.cookie')) OR (stristr($postString_64,'document.cookie')) OR (stristr($postString,'onmouseover=')) OR (stristr($postString_64,'onmouseover=')) OR (stristr($postString,'document.location')) OR (stristr($postString_64,'document.location'))) {
//    header("Location: index.php");
//    die();
//}
// Additional security (Union, CLike, XSS)
//if(!file_exists('includes/nukesentinel.php')) {
//    //Union Tap
//    //Copyright Zhen-Xjell 2004 http://nukecops.com
//    //Beta 3 Code to prevent UNION SQL Injections
//    unset($matches);
//    unset($loc);
//    if(isset($_SERVER['QUERY_STRING'])) {
//        if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER['QUERY_STRING']), $matches)) {
//            die('Illegal Operation');
//        }
//    }
//    if(!isset($admin) OR (isset($admin) AND !is_admin($admin))) {
//        $queryString = $_SERVER['QUERY_STRING'];
//        if (($_SERVER['PHP_SELF'] != "/index.php") OR !isset($url)) {
//            if (stristr($queryString,'http://')) die('Illegal Operation');
//        }
//        if ((stristr($queryString,'%20union%20')) OR (stristr($queryString,'/*')) OR (stristr($queryString,'*/union/*')) OR (stristr($queryString,'c2nyaxb0')) OR (stristr($queryString,'+union+')) OR ((stristr($queryString,'cmd=')) AND (!stristr($queryString,'&cmd'))) OR ((stristr($queryString,'exec')) AND (!stristr($queryString,'execu'))) OR (stristr($queryString,'concat'))) {
//            die('Illegal Operation');
//        }
//    }
//}
18 - Find the following code:
Code:
function online() {
    global $user, $cookie, $prefix, $db;
    $ip = $_SERVER['REMOTE_ADDR'];
and replace it with the following:
Code:
function online() {
    global $nsnst_const, $user, $cookie, $prefix, $db;
    if(!file_exists('includes/nukesentinel.php')) {
        $ip = $_SERVER['REMOTE_ADDR'];
    } else {
        $ip = $nsnst_const['remote_ip'];
    }
19 - Step removed following changes to Sentinel.
20 - Save, close and upload the file to your server.
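As an added check that is not part of this guide or of NSN Sentinel itself, the POSIX shell function below can be run on the server after uploading to confirm that the edits from steps 15 to 18 are actually in place in mainfile.php (the function name check_mainfile and its messages are ours):

```shell
#!/bin/sh
# Added example, not from the NSN Sentinel guide: verify that the step 15-18
# edits to mainfile.php are in place. Usage: check_mainfile /path/to/mainfile.php
# Returns 0 when every check passes, 1 otherwise (one FAIL line per problem).
check_mainfile() {
    f="$1"
    fail=0

    # Step 16: includes/nukesentinel.php must now be required (not commented out).
    if ! grep -Eq '^[[:space:]]*@?require_once\(INCLUDE_PATH\."includes/nukesentinel\.php"\);' "$f"; then
        echo "FAIL: includes/nukesentinel.php is not required in $f"; fail=1
    fi

    # Step 16: the old includes/ipban.php include must be commented out
    # (the guide replaces it with Sentinel).
    if grep -Eq '^[[:space:]]*@?require_once\(INCLUDE_PATH\."includes/ipban\.php"\);' "$f"; then
        echo "FAIL: includes/ipban.php is still included"; fail=1
    fi

    # Step 15: the eregi() GET/POST filter must be commented out; an active
    # 'die ($htmltags);' at the start of a line means it is still live.
    if grep -Eq '^[[:space:]]*die[[:space:]]*\(\$htmltags\);' "$f"; then
        echo "FAIL: old eregi() GET/POST filter is still active"; fail=1
    fi

    # Step 17: the Union Tap block must be commented out as well.
    if grep -Eq "^[[:space:]]*die\('Illegal Operation'\);" "$f"; then
        echo "FAIL: old Union Tap filter is still active"; fail=1
    fi

    # Step 18: online() must take the visitor IP from $nsnst_const.
    if ! grep -Fq "\$nsnst_const['remote_ip']" "$f"; then
        echo "FAIL: online() does not use \$nsnst_const['remote_ip']"; fail=1
    fi

    # After step 16 mainfile.php requires this file unconditionally, so it
    # must have been uploaded next to mainfile.php.
    d=$(dirname "$f")
    if [ ! -f "$d/includes/nukesentinel.php" ]; then
        echo "FAIL: $d/includes/nukesentinel.php not found"; fail=1
    fi

    [ "$fail" -eq 0 ] && echo "OK: mainfile.php edits are in place"
    return "$fail"
}
```

Run it from the site root as `check_mainfile ./mainfile.php`; a non-zero exit status lists each step whose edit is missing.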
Go to the next step.
Published on 2007-07-26 by stefvar, last modified on 2007-07-26 by stefvar.