- Moderated by:
- Support Team
Help Modifying Groups Module (XSS trouble)
-
- rank:
-
Freshman
- registered:
- December 2005
- Status:
- offline
- last visit:
- 06.12.05
- Posts:
- 5
I've been trying to modify the groups module to allow a user who has PNphpBB installed to easily synchronize PN groups with PostNuke groups. I'm having a security issue where my code is being blocked.
A few disclaimers:
1) I don't do much PHP, HTML, or SQL coding (or coding in general lately) so any suggestions are welcome.
2) I intend to clean up the code a lot once its working, and only have certain sections displayed if the PostNuke installation has an active PNphpBB install. Of course, once again any other suggestions are welcome.
3) The logic hasn't been guaranteed to work since I have been unable to test it due to the block.
Anyway, I'll start with the block message:
Code
Attention site admin of Nightwind,
On Dec 03, 2005 at 03:26 PM the PostNuke code has
detected that somebody tried to send information
to your site that may have been intended as a
hack. do not panic, it may be harmless: maybe this
detection was triggered by something you did!
Anyway, it was detected and blocked.
The suspicious activity was recognized in
pnAntiCracker on line 55, and is of the type
pnSecurity Alert.
Additional information given by the code which
detected this: GET Intrusion detection.
Below you will find a lot of information obtained
about this attempt, that may help you to find
what happened and maybe who did it.
=====================================
Information about this user:
=====================================
PostNuke username: Me
Registered email of this PostNuke user:
(Left out for posting)
Registered real name of this PostNuke user:
IP numbers: [note: when you are dealing with a
real cracker these IP numbers might not be from
the actual computer he is working on]
IP according to HTTP_CLIENT_IP:
IP according to REMOTE_ADDR: (Removed for posting)
IP according to
gethostbyname($_SERVER['REMOTE_ADDR']):
(Removed for posting)
=====================================
Browser information
=====================================
HTTP_USER_AGENT: Mozilla/5.0 (X11; U; Linux i686;
en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7
SUSE/1.0.7-0.1
BROWSER * 0 :
=====================================
Information in the $_GET array
This is about variables that may have been in the
URL string or in a 'GET' type form.
=====================================
GET * module : Groups
GET * type : admin
GET * func : synchronize\"
=====================================
Information in the $_POST array
This is about visible and invisible form elements.
=====================================
POST * PNGroups : 3
POST * convertorder : 0
POST * BBGroups : 25
=====================================
Information in the $_COOKIE array
=====================================
COOKIE * POSTNUKESID :
a0717a4554a42ddf6a56318a34fd435c
COOKIE * pnphpbb2mysql_data :
a:2:{s:11:\"autologinid\";N;s:6:\"userid\";s:2:\"30\";}
COOKIE * eqdkp_data :
a:2:{s:13:\"auto_login_id\";s:0:\"\";s:7:\"user_id\";s:1:\"1\";}
COOKIE * pnphpbb2mysql_sid :
8efeb98737392ac2fc82c69880438095
COOKIE * pnphpbb2mysql_t :
a:15:{i:98;i:1133578797;i:180;i:1133580158;i:177;i:1133612852;i:160;i:1133600961;i:171;i:1133603927;i:105;i:1133604698;i:58;i:1133604711;i:181;i:1133640615;i:182;i:1133610993;i:80;i:1133640874;i:43;i:1133640897;i:183;i:1133647594;i:184;i:1133647635;i:185;i:1133649047;i:186;i:1133652029;}
COOKIE * eqdkp_sid :
fb661e1118297c45ddd342a16d511801
=====================================
Information in the $_FILES array
=====================================
=====================================
Information in the $_SESSION array
This is session info. The variables
starting with PNSV are PostNukeSessionVariables.
=====================================
SESSION * PNSVrand : 752542420
SESSION * PNSVlang : eng
SESSION * PNSVfullpage : 0
SESSION * PNSVsubforum : 0
SESSION * PNSVpnphpbbstylesheet :
./modules/PNphpBB2/templates/PNTheme/styles/Dezina_Patriot.css
SESSION * PNSVuid : 30
SESSION * PNSV_pnFgameStart : 1133644217
SESSION * PNSVlastcid : 1
SESSION * PNSVbrowserinfo :
O:8:"phpsniff":17:{s:8:"_version";s:5:"2.1.4";s:15:"_temp_file_path";s:5:"/tmp/";s:14:"_check_cookies";N;s:17:"_default_language";s:5:"en-us";s:19:"_allow_masquerading";N;s:12:"_php_version";s:0:"";s:9:"_browsers";a:28:{s:27:"microsoft
internet
explorer";s:2:"IE";s:4:"msie";s:2:"IE";s:9:"netscape6";s:2:"NS";s:8:"netscape";s:2:"NS";s:6:"galeon";s:2:"GA";s:7:"phoenix";s:2:"PX";s:16:"mozilla
firebird";s:2:"FB";s:8:"firebird";s:2:"FB";s:7:"firefox";s:2:"FX";s:7:"chimera";s:2:"CH";s:6:"camino";s:2:"CA";s:8:"epiphany";s:2:"EP";s:6:"safari";s:2:"SF";s:8:"k-meleon";s:2:"KM";s:7:"mozilla";s:2:"MZ";s:5:"opera";s:2:"OP";s:9:"konqueror";s:2:"KQ";s:4:"icab";s:2:"IC";s:4:"lynx";s:2:"LX";s:5:"links";s:2:"LI";s:11:"ncsa
mosaic";s:2:"MO";s:5:"amaya";s:2:"AM";s:7:"omniweb";s:2:"OW";s:7:"hotjava";s:2:"HJ";s:7:"browsex";s:2:"BX";s:12:"amigavoyager";s:2:"AV";s:10:"amiga-aweb";s:2:"AW";s:7:"ibrowse";s:2:"IB";}s:20:"_javascript_versions";a:7:{s:3:"1.5";s:39:"NS5+,MZ,PX,FB,FX,GA,CH,CA,SF,KQ3+,KM,EP";s:3:"1.4";s:0:"";s:3:"1.3";s:17:"NS4.05+,OP5+,IE5+";s:3:"1.2";s:9:"NS4+,IE4+";s:3:"1.1";s:10:"NS3+,OP,KQ";s:3:"1.0";s:9:"NS2+,IE3+";i:0;s:8:"LI,LX,HJ";}s:17:"_browser_features";a:13:{s:4:"html";s:0:"";s:6:"images";s:5:"LI,LX";s:6:"frames";s:2:"LX";s:6:"tables";s:0:"";s:4:"java";s:24:"OP3,LI,LX,NS1,MO,IE1,IE2";s:7:"plugins";s:13:"IE1,IE2,LI,LX";s:4:"css2";s:49:"NS5+,IE5+,MZ,PX,FB,FX,CH,CA,SF,GA,KQ3+,OP7+,KM,EP";s:4:"css1";s:47:"NS4+,IE4+,MZ,PX,FB,FX,CH,CA,SF,GA,KQ,OP7+,KM,EP";s:7:"iframes";s:50:"LI,IE3+,NS5+,MZ,PX,FB,FX,CH,CA,SF,GA,KQ,OP7+,KM,EP";s:3:"xml";s:47:"IE5+,NS5+,MZ,PX,FB,FX,CH,CA,SF,GA,KQ,OP7+,KM,EP";s:3:"dom";s:47:"IE5+,NS5+,MZ,PX,FB,FX,CH,CA,SF,GA,KQ,OP7+,KM,EP";s:4:"hdml";s:0:"";s:3:"wml";s:0:"";}s:15:"_browser_quirks";a:6:{s:16:"must_cache_forms";s:14:"NS,MZ,FB,PX,FX";s:19:"avoid_popup_windows";s:9:"IE3,LI,LX";s:19:"cache_ssl_downloads";s:2:"IE";s:24:"break_disposition_header";s:5:"IE5.5";s:22:"empty_file_input_value";s:2:"KQ";s:16:"scrollbar_in_way";s:3:"IE6";}s:13:"_browser_info";a:17:{s:2:"ua";s:94:"mozilla/5.0
(x11; u; linux i686; en-us; rv:1.7.12)
gecko/20050920 firefox/1.0.7
suse/1.0.7-0.1";s:7:"browser";s:2:"fx";s:7:"version";s:5:"1.0.7";s:7:"maj_ver";s:1:"1";s:7:"min_ver";s:4:".0.7";s:10:"letter_ver";s:0:"";s:10:"javascript";s:3:"1.5";s:8:"platform";s:4:"*nix";s:2:"os";s:5:"linux";s:2:"ip";s:14:"12.202.165.116";s:7:"cookies";s:7:"Unknown";s:10:"ss_cookies";s:7:"Unknown";s:10:"st_cookies";s:7:"Unknown";s:8:"language";s:8:"en-us,en";s:9:"long_name";s:7:"firefox";s:5:"gecko";s:8:"20050920";s:9:"gecko_ver";s:6:"1.7.12";}s:12:"_feature_set";a:13:{s:4:"html";b:1;s:6:"images";b:1;s:6:"frames";b:1;s:6:"tables";b:1;s:4:"java";b:1;s:7:"plugins";b:1;s:7:"iframes";b:1;s:4:"css2";b:1;s:4:"css1";b:1;s:3:"xml";b:1;s:3:"dom";b:1;s:3:"wml";b:0;s:4:"hdml";b:0;}s:7:"_quirks";a:6:{s:16:"must_cache_forms";b:1;s:19:"avoid_popup_windows";b:0;s:19:"cache_ssl_downloads";b:0;s:24:"break_disposition_header";b:0;s:22:"empty_file_input_value";b:0;s:16:"scrollbar_in_way";b:0;}s:23:"_get_languages_ran_once";b:1;s:21:"_browser_search_regex";s:39:"([a-z]+)([0-9]*)([0-9.]*)(up|dn|\+|\-)?";s:22:"_language_search_regex";s:12:"([a-z-]{2,})";s:14:"_browser_regex";s:292:"/(microsoft
internet
explorer|msie|netscape6|netscape|galeon|phoenix|mozilla
firebird|firebird|firefox|chimera|camino|epiphany|safari|k-meleon|mozilla|opera|konqueror|icab|lynx|links|ncsa
mosaic|amaya|omniweb|hotjava|browsex|amigavoyager|amiga-aweb|ibrowse)[\/\sa-z(]*([0-9]+)([\.0-9a-z]+)?/i";}
Now, I'll post the change I made to pnadmin.php. I added the following code to Groups_admin_view:
Code
$pn_phpbb_groups = array();
$result = @mysql_query("SELECT group_name,group_id FROM pn_phpbb_groups WHERE CHAR_LENGTH(group_name)>0"); // WHERE LENGTH(group_name) > 0
for($i=0; $result_array = mysql_fetch_array($result);$i++) {
$pn_phpbb_groups[$i]= array('name' => $result_array[0], 'gid' => $result_array[1]);
}
The following function was also added to pnadmin.php:
Code
function Groups_admin_synchronize($args)
{
list($pn_phpbb_group_id,
$pn_group_id,
$pn_to_phpbb) = pnVarCleanFromInput('BBGroups',
'PNGroups',
'convertorder');
extract($args);
if (!pnSecConfirmAuthKey()) {
pnSessionSetVar('errormsg', _BADAUTHKEY);
pnRedirect(pnModURL('Groups', 'admin', 'view'));
return true;
}
if (!pnModAPILoad('Groups', 'admin')) {
return pnVarPrepHTMLDisplay(_LOADFAILED);
}
// Convert PN gropu to pnphpbb group? If not, vica versa
// $pn_to_pnphpbb=0;
$query = "SELECT user_id FROM pn_phpbb_user_group WHERE group_id = $pn_phpbb_group_id";
$result = @mysql_query($query) or
die("Could not submit query");
//$numrows = @mysql_num_rows($result);
$pnphpbb_group_users = array();
for($i=0; $result_array = mysql_fetch_array($result);$i++) {
//$query = "SELECT username FROM pn_phpbb_users WHERE user_id=$result_array[0]";
$pnphpbb_group_users[$i]=$result_array[0];
}
$query = "SELECT pn_uid FROM pn_group_membership WHERE pn_gid = $pn_group_id";
$result = @mysql_query($query) or
die("Could not submit query");
$pn_group_users = array();
for($i=0; $result_array = mysql_fetch_array($result);$i++) {
$pn_group_users[$i]=$result_array[0];
}
if ($pn_to_pnphpbb == 0) { // Convert pnphpbb group to pn group
foreach($pnphpbb_group_users as $pnphpbb_user) { // Add in users that aren't in the PN group.
if(!in_array($pnphpbb_user,$pn_group_users))
$result=@mysql_query("INSERT INTO pn_group_membership (pn_gid, pn_uid) VALUES ($pn_group_id, $pnphpbb_user)");
}
foreach($pn_group_users as $pn_user) { // Drop users that aren't in the pnphpbb group
if(!in_array($pn_user,$pnphpbb_group_users))
$result=@mysql_query("DELETE FROM pn_goup_membership WHERE pn_uid = $pn_user");
}
}
else {
foreach($pn_group_users as $pn_user) {
if(!in_array($pn_user,$pnphpbb_group_users))
$result=@mysql_query("INSERT INTO pn_phpbb_user_group (group_id, user_id, user_pending) VALUES($pn_phpbb_group_id, $pn_user, 0)");
}
foreach($pnphpbb_group_users as $pnphpbb_user) {
if(!in_array($pnphpbb_user, $pn_group_users))
$result=@mysql_query("DELETE FROM pn_phpbb_user_group WHERE user_id = $pnphpbb_user");
}
}
}
Finally, I edited groups_admin_view.htm to include the following form:
Code
<form class="pn-adminform" name="PNphpbbGroupSynch" action=<!--[pnmodurl modname="Groups" type="admin" func="synchronize"]-->" method="post" enctype="application/x-www-form-urlencoded">
<div align="center">
<table>
<tr><th colspan="4">Use this only if you want to synchronize a PNphpbb group with a Postnuke <br> group. Select "To" for converting a Postnuke group to a PNphpbb group or <br>"From" to convert a PNphpbb group to a Postnuke group.
<tr><td><td>Postnuke Group<td><td>PNphpbb Group
<tr><td><b>Convert: </b>
<td>
<select name="PNGroups">
<!--[section name=groups loop=$groups]-->
<option value=<!--[$groups[groups].gid|pnvarprepfordisplay]-->><!--[$groups[groups].name|pnvarprepfordisplay]--></option>
<!--[/section]-->
</select>
<td>
<center> <table>
<tr> <td> <input type="Radio" name="convertorder" value=0>From</input>
<tr> <td> <input type="Radio" name="convertorder" value=1>To</input>
</table> </center>
<td>
<select name="BBGroups">
<!--[section name=pn_phpbb_groups loop=$pn_phpbb_groups]-->
<option value=<!--[$pn_phpbb_groups[pn_phpbb_groups].gid|pnvarprepfordisplay]-->><!--[$pn_phpbb_groups[pn_phpbb_groups].name|pnvarprepfordisplay]--></option>
<!--[/section]-->
</select>
<tr> <td> <td> <td>
<input type="Submit" value="Synchronize groups">
</table>
</div>
</form>
Thanks for any help, I'll continue to work on this and see if I can figure it out.
-
- rank:
-
Freshman
- registered:
- December 2005
- Status:
- offline
- last visit:
- 06.12.05
- Posts:
- 5
Could anyone please tell me what I should do to take a step in the right direction? Learning for me is most important so I'm not asking that people give me a solution, just any advice :) Thanks for the feeback.
|
