Sitelerinde phpBB Search Engine Indexer (archive modu) kurulu olanlar, CrackerTracker 5.0.x sürümünü yükledikten sonra
Araştırmalarıma göre bunun çözümü henüz hiçbir yerde verilmemiş. Bunu şu şekilde düzeltebiliriz:
#
#-----[ AÇ ]------------------------------------------
#
ctracker/engines/ct_security.php
#
#-----[ BUL ]------------------------------------------
#
foreach ( $checkpost as $post_var_fieldname => $post_var_field_value )
{
// Some fields in $HTTP_POST_VARS don't get checked to prevent wrong detection
$unchecked_fields = array('username', 'password', 'subject', 'message',
'poll_title', 'poll_option', 'poll_delete',
'email', 'confirm_code', 'aim', 'msn', 'yim',
'interests', 'occupation', 'signature', 'website',
'location', 'search', 'sitename', 'word',
'replacement', 'help', 'last_msg', 'quote',
'preview', 'post', 'mode', 'content', 'server_name',
'script_path', 'sitename', 'site_desc', 'disable_reg_msg',
'disable_msg', 'cookie', 'avatar', 'file', 'picture',
'filter', 'xs', 'edit', 'content', 'fileupload', 'filecomment',
'comment', 'rate', 'pic');
$is_unchecked_field = str_replace($unchecked_fields, '', $post_var_fieldname);
if ( $is_unchecked_field == $post_var_fieldname )
{
// Prevent tricks wich comment out SQL commands
$post_var_field_value = str_replace(array('/', '*'), '', $post_var_field_value);
// Now we do a very simple method to mark potential Worm activities
$check_post_var = str_replace($ct_rules, '*', $post_var_field_value);
if ( $post_var_field_value != $check_post_var )
{
$ct_attack_detection = true;
break;
}
}
}
#
#-----[ BUNUNLA DEĞİŞTİR ]------------------------------------------
#
if($checkpost)
{
foreach ( $checkpost as $post_var_fieldname => $post_var_field_value )
{
// Some fields in $HTTP_POST_VARS don't get checked to prevent wrong detection
$unchecked_fields = array('username', 'password', 'subject', 'message',
'poll_title', 'poll_option', 'poll_delete',
'email', 'confirm_code', 'aim', 'msn', 'yim',
'interests', 'occupation', 'signature', 'website',
'location', 'search', 'sitename', 'word',
'replacement', 'help', 'last_msg', 'quote',
'preview', 'post', 'mode', 'content', 'server_name',
'script_path', 'sitename', 'site_desc', 'disable_reg_msg',
'disable_msg', 'cookie', 'avatar', 'file', 'picture',
'filter', 'xs', 'edit', 'content', 'fileupload', 'filecomment',
'comment', 'rate', 'pic');
$is_unchecked_field = str_replace($unchecked_fields, '', $post_var_fieldname);
if ( $is_unchecked_field == $post_var_fieldname )
{
// Prevent tricks wich comment out SQL commands
$post_var_field_value = str_replace(array('/', '*'), '', $post_var_field_value);
// Now we do a very simple method to mark potential Worm activities
$check_post_var = str_replace($ct_rules, '*', $post_var_field_value);
if ( $post_var_field_value != $check_post_var )
{
$ct_attack_detection = true;
break;
}
}
}
}
#
#-----[ KAYDET/KAPAT ]------------------------------------------
#
# SoN
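Review bot: The new guard `if($checkpost)` in the replacement block only tests truthiness, so a non-empty value that is not an array would still reach the `foreach`; `if ( is_array($checkpost) )` states the precondition the loop actually needs. Whether `$checkpost` can be a non-array at this point is not visible in this excerpt, so confirm it in ct_security.php. Separately, the exemption test `str_replace($unchecked_fields, '', $post_var_fieldname)` is a substring match, so a field is left unscanned whenever its name merely contains a listed token such as 'xs' or 'pic'. An exact comparison like `in_array($post_var_fieldname, $unchecked_fields, true)` would narrow that, after checking which suffixed field names the board depends on. The `$unchecked_fields` array is also rebuilt on every iteration and lists 'sitename' and 'content' twice; it could be defined once above the loop.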