Home >> Fix Nuke Sentinel SQJ Injection

Fix Nuke Sentinel SQJ Injection

domenica 21 febbraio 2010 By Leave a Comment

ll sentinel non blocca delle sql injection scritte in un certo modo… Per fixarlo:
Aprire includes/nukesentinel.php e cercare:

if (stristr($nsnst_const['query_string'],'%20union%20') OR stristr($nsnst_const['query_string'],'*/union/*') OR
stristr($nsnst_const['query_string'],' union ') OR stristr($nsnst_const['query_string_base64'],'%20union%20') OR
stristr($nsnst_const['query_string_base64'],'*/union/*') OR stristr($nsnst_const['query_string_base64'],' union ')) {

 

E sostituiscilo con

if (stristr($nsnst_const['query_string'],'+union+') OR stristr($nsnst_const['query_string'],'%20union%20') OR
stristr($nsnst_const['query_string'],'*/union/*') OR stristr($nsnst_const['query_string'],' union ') OR
stristr($nsnst_const['query_string_base64'],'+union+') OR stristr($nsnst_const['query_string_base64'],'%20union%20') OR
stristr($nsnst_const['query_string_base64'],'*/union/*') OR stristr($nsnst_const['query_string_base64'],' union ')) {

 

Crediti: Vincy

Michele

Leggi anche:

Filed Under: Articoli Tagged With: , , , , ,

Switch to our mobile site