eAuction
  Not just another Perl script
Security Patch (2)
Dieter Werner
Administrator
Security Patch (2)
04/06/05 at 15:10:26
Search eAuction.pl for 'sub get_form_data' and replace that sub by copying and pasting the following:
Code:
#-#############################################
# Sub: Get Form Data
# Written by: Dieter Werner
# All rights reserved by the author
#-#############################################
# Reads the submitted form into the script-wide %form hash, stores up to
# three uploaded image files and then hands all values to escape_content().
# %form, %txt and %config as well as check_data(), write_data(),
# translate() and oops() are globals and subs defined elsewhere in eAuction.pl.
sub get_form_data {
   use CGI;

   my ($file, $cnt, $type, $val, $ext, $err);
   local $_;

   # The POST size limit only takes effect if it is set before CGI->new
   # reads the request body.
   $CGI::POST_MAX = 1024 * 1000; # 1000 kb
   my $query = CGI->new;
   %form = $query->Vars;

       for (1 .. 3) {
           undef $val;

               if ($file = $query->upload("UploadFile$_")) {
                   $cnt++;
                   $type = $query->uploadInfo($file)->{'Content-Type'};
                   $ext = (split /\./, $file)[-1];   # $file stringifies to the client-side file name

                   binmode $file;   # the upload handle, not STDIN, is what is read below

                       while (<$file>) {
                           $val .= $_;
                           # Stop reading once the upload exceeds 310000 bytes
                           (length($val) > 310000) && do {
                               ($val = $file) =~ s/\\/\//g;
                               $val = (split /\//, $val)[-1];   # bare file name for the message
                               $form{'error'} = "$val\n$txt{'File too big'}";
                               last;
                           };
                       };

                   close $file;
                   $form{'error'} && last;

                   # Reject the file if check_data() reports an error or it was not sent as an image
                   (defined($err = check_data(\$val, $ext)) or $type !~ /image/i)
                       ?   do {
                               ($val = $file) =~ s/\\/\//g;
                               $val = (split /\//, $val)[-1];
                               $form{'error'} = "$val\n$err";
                               last;
                           }
                       :   write_data(\$val, $ext, $cnt, 1);
               }
       }

   $form{'action'} = 'nodata' unless exists $form{'action'};
   $form{'lang'} = $config{'lang'} unless exists $form{'lang'};

   escape_content();
   translate($form{'lang'});
}

#-#############################################
# Sub: Check Keys/Values and Escape Values
# Written by: Dieter Werner
# All rights reserved by the author
#-#############################################
# Walks every field in %form: rejects field names that are not plain word
# characters, rejects values containing '@{[' or backticks, neutralises
# HTML event handlers, SSI directives and a list of forbidden tags and
# functions, and finally percent-encodes every remaining character outside
# a small allowed set. A rejected request is mailed to the admin and
# answered with oops().
sub escape_content {
   my ($error_mess, $key, $pattern);
   my $err = 0;
   my $subj = 'Hacker alert';
   local $_;

   my @forbid = qw/script applet embed system exec grep eval/;

       foreach $key (keys %form) {
           $err >= 1 && last;
           # Field names may only consist of word characters
           $key =~ /\W/ && do {
               $error_mess = qq|Form has been hacked by IP: $ENV{'REMOTE_ADDR'}|;
               $error_mess .= qq|User: $form{'ALIAS'}\n| if $form{'ALIAS'};
               $error_mess .= qq|Content: $key|;
               $err++;
               last;
           };

           $form{$key} =~ s/^\s+//;   # strip leading whitespace
           ($key eq 'error' or $key =~ /IMAGE/) && next;

           # The description keeps its line breaks as <br> unless it already contains tags
           $key eq 'DESC' && do {
               $form{$key} =~ s/\r//g;
               $form{$key} =~ s/\n/<br>/g unless $form{$key} =~ /\<.*?\>/;
           };

           $form{$key} =~ s/[\r\n]//g;

           # '@{[' (Perl interpolation) and backticks are never legitimate input
           $form{$key} =~ /(\@\{\[)|(\`)/ && do {
               $error_mess = qq|The field: $key\nhas been hacked by IP: $ENV{'REMOTE_ADDR'}\n|;
               $error_mess .= qq|User: $form{'ALIAS'}\n| if $form{'ALIAS'};

               $pattern = '';
               $1 && ($pattern = " $1");
               $2 && ($pattern .= " $2");

               $error_mess .= qq|Content:$pattern|;
               $err++;
               last;
           };

           # Break on* event handlers inside tags and SSI directives
           $form{$key} =~ s/(<[^>]*?)\b(on\w+\s*\=)/Hacker: $form{'ALIAS'} $1x$2/ig;
           $form{$key} =~ s/<\!\-\-\s*?\#?\s*?\w+\s*?\=/Hacker: $form{'ALIAS'} \<\!\-\-/g;

               # Comment out opening and closing forbidden tags, drop forbidden function calls
               foreach $pattern (@forbid) {
                   $form{$key} =~ s/(<\s*)($pattern)/Hacker: $form{'ALIAS'} \<\!\-\-$1x$2/ig;
                   $form{$key} =~ s/(<\s*\/+)($pattern\s*>)/$1x$2\-\-\> Hacker: $form{'ALIAS'} /ig;
                   $form{$key} =~ s/(\s*$pattern\s*\W*.*?\W*\;+)/ Hacker: $form{'ALIAS'} /ig;
               }

           # Percent-encode everything outside the allowed set; enable_html() reverses this
           $form{$key} =~ s/([^\w.'@%\/\\\s\-\+])/sprintf("%%%2.2x", ord($1))/ge;
       }

   $err >= 1 && do {
       sendemail(
           \$config{'admin_address'},
           \$config{'admin_address'},
           \$subj,
           \$error_mess
       );

       $error_mess =~ s/\n/\<br\>/g;
       oops($error_mess);
   };
}




Search eAuction.pl for 'sub enable_html'
and replace it with this:

Code:
#-#############################################
# Sub: Enable HTML-Tags
# Written by: Dieter Werner
# All rights reserved by the author
#-#############################################
# Reverses the percent-encoding applied by escape_content() so that a stored
# value can be shown with its HTML restored. Returns 0 for an empty value.
sub enable_html {
   my $val = shift || return 0;

   # pack "C" (unsigned) avoids the "wrapped" warning that "c" gives for bytes above 127
   $val =~ s/%([0-9a-f]{2})/pack("C", hex($1))/ge;
   return $val;
}

« Last Edit: 07/06/05 at 13:32:32 by Dieter Werner »
Greetings from Germany
Dieter Werner
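As an added check that is not part of Dieter's patch, the following stand-alone Perl script reimplements three of the substitutions from the post above (the final percent-encoding, its enable_html-style decoding and the on* handler rewrite) under hypothetical names and verifies them on constructed input with Test::More:

```perl
#!/usr/bin/perl
# Stand-alone check of the filters in the patch above. These subs are this
# example's own reimplementation (hypothetical names), not eAuction's code.
use strict;
use warnings;
use Test::More tests => 4;

# Same character class as the last substitution in escape_content():
# only word chars, . ' @ % / \ whitespace - and + survive unencoded.
sub escape_value {
    my $v = shift;
    $v =~ s/([^\w.'@%\/\\\s\-\+])/sprintf("%%%2.2x", ord($1))/ge;
    return $v;
}

# Same as enable_html(): turn a lowercase %xx sequence back into its byte.
sub decode_value {
    my $v = shift;
    $v =~ s/%([0-9a-f]{2})/pack("C", hex($1))/ge;
    return $v;
}

# Same substitution escape_content() applies to on* event handlers in tags.
sub neutralize_handlers {
    my ($alias, $v) = @_;
    $v =~ s/(<[^>]*?)\b(on\w+\s*\=)/Hacker: $alias $1x$2/ig;
    return $v;
}

# Constructed sample values, as a seller might type them
my $desc  = q{10 EUR <b>new</b> & unused};
my $saved = escape_value($desc);

is($saved, '10 EUR %3cb%3enew%3c/b%3e %26 unused',
   'tags and & are stored percent-encoded');
is(decode_value($saved), $desc,
   'enable_html-style decoding restores the text');

# A tag carrying an event handler gets the handler name broken and tagged
my $link = q{<a href="x" onclick=go()>more</a>};
is(neutralize_handlers('bob', $link),
   'Hacker: bob <a href="x" xonclick=go()>more</a>',
   'on* handler is neutralised');

# Plain text without special characters passes through both stages unchanged
is(decode_value(escape_value('Hello World')), 'Hello World',
   'plain text survives the round trip');
```

Run it with plain `perl` on the server to confirm the regexes behave the same under the installed Perl version before patching eAuction.pl.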
PaulC
Re: Security Patch (2)
Reply #1 - 05/19/05 at 04:07:53
I updated my eAuction file with the two updates, and now I get "Your setup is not correct... illegal seek!"
I checked the permissions and they are still 755 for the auction.pl file (version 1.6.1.60 created 4/17/2005).

Double checked the search and replace and I don't see any additional characters inserted where the modifications were, but I did see a bit of corruption on the first line of the file, which I removed.
I used the edit function of WinSCP to edit the file directly on my RH9 server.

Just noticed the source file was created after the patches were released on the forum?
I did not see the sub escape_content anywhere in the original file.

Restored the original "bits" into the file and all is well again. I guess I won't incorporate these security patches right now...

Any ideas anyone?
Paul
Dieter Werner
Administrator
Re: Security Patch (2)
Reply #2 - 05/19/05 at 15:13:44
PaulC wrote on 05/19/05 at 04:07:53:
but I did see a bit of corruption on the first line of the file, which I removed.

Looks like your editor is the bad boy.