Message: Security Patch for the Blog and Gallery Modules, MKP 1.1


From:  "mKPortal Türkiye" <tahafey...@gmail.com>
To:  "mkportal" <mkportal@googlegroups.com>
Subject: Security Patch for the Blog and Gallery Modules, MKP 1.1
Date: Mon, 08 May 2006 17:09:12 -0700
Message-ID: <1147133352.262397.57430@j73g2000cwa.googlegroups.com>

Hello,

The security risk below was found and patched by the MKPortal coder meo.
There is also another risk in the gallery module. These changes only block
the risky code. Apply them anyway.

Original message:

http://mkportal.gen.tr/forum/index.php?topic=1729.0

Open the file /mkportal/modules/blog/index.php

Find the function clean_template:


Code:

// Original version: every token is removed in a single pass.
function clean_template ($t="") {

        $t = str_replace( "&#"   , "", $t );
        $t = str_replace( "&gt;"    , ">", $t );
        $t = str_replace( "&lt;"    , "<", $t );
        $t = str_replace( "<?"   , ""       , $t );
        $t = str_replace( "?"   , ""       , $t );
        $t = preg_replace( "/<script/i"  , ""   , $t );
        $t = preg_replace( "/javascript/i" , "", $t );
        $t = preg_replace( "/about/i"     , "", $t );
        $t = preg_replace( "/vbscript/i"     , "", $t );
        $t = preg_replace( "/alert/i"      , ""      , $t );
        $t = preg_replace( "/onmouseover/i", "", $t );
        $t = preg_replace( "/onclick/i"    , ""    , $t );
        $t = preg_replace( "/onload/i"     , ""     , $t );
        $t = preg_replace( "/onsubmit/i"   , ""   , $t );

        return $t;
    }


Replace it with this:


function clean_template ($t="") {

        $t = str_replace( "&#"   , "", $t );
        $t = str_replace( "&gt;"    , ">", $t );
        $t = str_replace( "&lt;"    , "<", $t );
        $t = str_replace( "<?"   , ""       , $t );
        $t = str_replace( "?"   , ""       , $t );
        // Strip whole "script ... /script" blocks, repeating until none is left.
        // The post used the modifiers "ies"; the "e" (eval) modifier does nothing
        // in preg_match, is dangerous in preg_replace and was removed in PHP 7,
        // so only "is" (case-insensitive, dot matches newline) is kept here.
        while( preg_match( "#script(.+?)/script#is" , $t ) ) {
                $t = preg_replace( "#script(.+?)/script#is", "" , $t);
        }
        $t = preg_replace( "/javascript/i" , "", $t );
        $t = preg_replace( "/about/i"     , "", $t );
        $t = preg_replace( "/vbscript/i"     , "", $t );
        $t = preg_replace( "/alert/i"      , ""      , $t );
        $t = preg_replace( "/onmouseover/i", "", $t );
        $t = preg_replace( "/onclick/i"    , ""    , $t );
        $t = preg_replace( "/onload/i"     , ""     , $t );
        $t = preg_replace( "/onsubmit/i"   , ""   , $t );

        return $t;
    }


Save.

Open the following file:

/mkportal/modules/gallery/index.php

Find:


Code:


$file = $_FILES['FILE_UPLOAD']['tmp_name'];
$file_name = $_FILES['FILE_UPLOAD']['name'];
$file_type = $_FILES['FILE_UPLOAD']['type'];
$peso = $_FILES['FILE_UPLOAD']['size'];
}

Add below it:


Code:

// Read the uploaded file, keeping the handle separate from the contents
// (the post reused $check for both, so its fclose() was handed a string).
$fh = @fopen($file, "r");
$len = @filesize($file);
$check = ($fh !== false && $len > 0) ? @fread($fh, $len) : "";
if ($fh !== false) {
    @fclose($fh);
}

// Reject the upload if its contents match any of the listed patterns.
// The post spelled this out as one if-block per pattern; the behaviour is the
// same. The "e" modifier was dropped from the script pattern (meaningless in
// preg_match, removed in PHP 7) and the "?" in "<?php" is escaped so the
// pattern matches the literal tag instead of any occurrence of "php".
$bad_patterns = array(
    "/html/i",
    "/javascript/i",
    "/about/i",
    "/vbscript/i",
    "/alert/i",
    "/onmouseover/i",
    "/onclick/i",
    "/onload/i",
    "/onsubmit/i",
    "#script(.+?)/script#is",
    "/<\?php/i",
);
foreach ($bad_patterns as $pattern) {
    if (preg_match($pattern, $check)) {
        $message = "Sorry this file is not valid";
        $mklib->error_page($message);
        exit;
    }
}

Save.
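The grep above rejects files by the strings they contain, which misses anything not on the list and rejects harmless images whose metadata happens to contain a listed word. As an added example (not code from the post or from MKPortal), here is an allowlist check for the same gallery upload that accepts only known image types whose bytes match their extension; it assumes the post's $_FILES['FILE_UPLOAD'] array and $mklib->error_page(), and the size limit is an assumed value.

```php
<?php
// Added example, not from the original post or MKPortal: allowlist-based
// validation for the gallery upload, meant to run alongside the content grep.
// Assumes the post's $_FILES['FILE_UPLOAD'] and $mklib->error_page().

// Allowed extensions and the leading bytes a file of that type must start with.
function gallery_allowed_types() {
    return array(
        'jpg'  => "\xFF\xD8\xFF",
        'jpeg' => "\xFF\xD8\xFF",
        'png'  => "\x89PNG\r\n\x1A\n",
        'gif'  => "GIF8",
    );
}

// Returns null when the upload is acceptable, otherwise the reason for rejection.
// $max_bytes (2 MiB) is an assumed limit, not a value from the post.
function validate_gallery_upload(array $up, $max_bytes = 2097152) {
    $err = isset($up['error']) ? $up['error'] : UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK || empty($up['tmp_name']) || empty($up['name'])) {
        return 'upload failed';
    }
    if (!is_uploaded_file($up['tmp_name'])) {        // trust only files PHP itself received
        return 'not an uploaded file';
    }
    if (filesize($up['tmp_name']) > $max_bytes) {
        return 'file too large';
    }
    $ext = strtolower(pathinfo($up['name'], PATHINFO_EXTENSION));
    $types = gallery_allowed_types();
    if (!array_key_exists($ext, $types)) {           // allowlist of extensions
        return 'extension not allowed';
    }
    $magic = $types[$ext];
    $head = file_get_contents($up['tmp_name'], false, null, 0, strlen($magic));
    if ($head !== $magic) {                          // bytes must match the claimed type
        return 'content does not match extension';
    }
    if (@getimagesize($up['tmp_name']) === false) {  // and the file must parse as an image
        return 'not a valid image';
    }
    return null;
}

// At the point the post patches, once $file and $file_name have been set:
$why = validate_gallery_upload($_FILES['FILE_UPLOAD']);
if ($why !== null) {
    $mklib->error_page("Sorry this file is not valid ($why)");
    exit;
}
```

A valid image can still carry arbitrary text inside it, so the gallery directory must also be served without script execution; content checks alone do not make uploads safe.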

http://mkportal.gen.tr

Best regards

