~Gri to Khadafi~

Daddy · March 06, 2014, 08:31:15 AM

Quote from: gri on March 06, 2014, 08:29:17 AM
What is more dangerous for your forum -

your laughing on your office guys
or EVAL() function in the posts
?

EVAL() in posts.

I'm an administrator at work. The guy across the hall is a director but he's not my boss SO I DON'T FEAR SHIT

Clara Listensprechen · March 06, 2014, 08:32:07 AM

gri, the link in your sig doesn't work.

gri · March 06, 2014, 08:47:37 AM

Quote from: Khadafi
EVAL() in posts.

Khadafi,
Equally in lower and upper case of letters ?

Daddy · March 06, 2014, 08:48:21 AM

I have no control over that. It's something outside of SMF.

gri · March 06, 2014, 08:57:20 AM

Quote from: Khadafi
The phrase you were trying to post is disabled by our PHP server
because if ANY escape sequence manages to work, and that command is issued
then one of PHP's largest vulnerabilities can be exploited
and any script can be injected in a page.

Who is the Author of this php patch for lower case letters only
?

Daddy · March 06, 2014, 10:33:57 AM

idk cloudflare or something.

snoorkel · March 06, 2014, 11:53:06 AM

Quote from: gri on March 06, 2014, 08:57:20 AM
Quote from: Khadafi
The phrase you were trying to post is disabled by our PHP server
because if ANY escape sequence manages to work, and that command is issued
then one of PHP's largest vulnerabilities can be exploited
and any script can be injected in a page.

Who is the Author of this php patch for lower case letters only
?

O Gri, it is Apache's mod_security.

gri · March 06, 2014, 12:35:35 PM

Quote from: Khadafi
idk cloudflare or something.

What can be achieved by means of EVAL() function ?

Can you write a code for dowloading of Display.template.php file
if to post such a code to a forum
at the server without the mentioned patch ?

snoorkel · March 06, 2014, 12:47:13 PM

Quote from: gri on March 06, 2014, 12:35:35 PM
Quote from: Khadafi
idk cloudflare or something.

What can be achieved by means of EVAL() function ?

Can you write a code for dowloading of Display.template.php file
if to post such a code to a forum
at the server without the mentioned patch ?

Yes, that could happen on an unprotected server. An attacker could also upload a malicious file, or something similar, then proceed to attack information in the database.

gri · March 06, 2014, 12:54:15 PM

I need both the code for downloading of the predefined file
and the code for uploading of the modified file.

To test this technology on my forum first..

snoorkel · March 06, 2014, 01:08:29 PM

Daddy · March 06, 2014, 01:08:49 PM

who the hell is pedro

snoorkel · March 06, 2014, 01:09:26 PM

who the fuck is carlos?

gri · March 06, 2014, 08:01:44 PM

Quote from: Khadafi
Check this resources about SQL injection:

Was not very helpfull for me, unfortunately.

A coder Carlos is needed
who will suggest the definite code of the test post.

gri · March 06, 2014, 08:08:41 PM

Quote from: Clara Listensprechen
The error I get is that it takes too long to respond, that it has timed out.

Khadafi,
please create an account on your hosting
for my tiny forum mirror.

~Gri to Khadafi~

Daddy

March 06, 2014, 08:31:15 AM #105

Clara Listensprechen

March 06, 2014, 08:32:07 AM #106

gri

March 06, 2014, 08:47:37 AM #107

Daddy

March 06, 2014, 08:48:21 AM #108

gri

March 06, 2014, 08:57:20 AM #109

Daddy

March 06, 2014, 10:33:57 AM #110

snoorkel

March 06, 2014, 11:53:06 AM #111

gri

March 06, 2014, 12:35:35 PM #112

snoorkel

March 06, 2014, 12:47:13 PM #113

gri

March 06, 2014, 12:54:15 PM #114

snoorkel

March 06, 2014, 01:08:29 PM #115

Daddy

March 06, 2014, 01:08:49 PM #116

snoorkel

March 06, 2014, 01:09:26 PM #117

gri

March 06, 2014, 08:01:44 PM #118 Last Edit: March 07, 2014, 12:29:21 AM by gri

gri

March 06, 2014, 08:08:41 PM #119