CrackerTracker Exploit False Positives

Support for IntegraMOD 141

Moderator: Integra Moderator

PostAuthor: Dick Dynamite » Tue Jan 30, 2007 2:53 pm

Well, the fix in the DB worked to fix the avatar/sig problem. Just when I edited the stuff, I had a typo, so it didn't read right. So, nix that.

PostAuthor: Leadfoot » Wed Jan 31, 2007 1:28 am

I rename the folder itself

PostAuthor: Leadfoot » Thu Feb 01, 2007 12:24 pm

K, here's another false positive, Teelk

in amod+admin I went to the xtras page and tried to upload changes to the toggle options. I got the dreaded ctracker pink box.

So again as a workaround I renamed the root file "ctracker" to "-ctracker" did my changes to the toggle box and it worked fine.

You will see php errors when u use this method but scroll to the bottom of them and you will see your page


Edit: I have also found one game that triggers the ctracker warning also. So far WheelofFortune is the only one to trigger it so far. Let me know if u want to know which games trigger it.

PostAuthor: Teelk » Thu Feb 01, 2007 2:27 pm

Sure, if you can post your debug log info concerning Amod, I'm sure it would be very helpful to those who have installed it on 141.

PostAuthor: ScottDaMan » Fri Feb 02, 2007 11:45 pm

When attempting to use General Admin -> Meta Tags+ in ACP, you'll get a false positive. The following debug worked to fix the issue.

Code: Select all
##-----[ OPEN ]------------------------------------------#
/forum/admin/admin_meta_tags.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('meta_description');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM

PostAuthor: JohnnyTheOne » Sun Feb 04, 2007 5:54 am

And I've got the following debug
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /home/admin/admin_hacks_list.php
----------------

Request-Method: GET

Matching rule: select%20
In variable: hack_id

Matching rule: union%20
In variable: hack_id

Matching rule: union%20
In variable: hack_id

Matching rule: %20union
In variable: hack_id

Possible solution:
------------------

#
#-----[ OPEN ]------------------------------------------
#
/home/admin/admin_hacks_list.php

#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);

#
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignoregvar = array('hack_id');

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
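The trade-off behind the `$ct_ignorepvar` / `$ct_ignoregvar` workarounds in this thread, as an added example that is not CrackerTracker's or IntegraMOD's own code. It is a simplified Python model: rules are treated as plain substrings (an assumption), the sample requests are constructed, and `parse_hack_id` assumes `hack_id` is a numeric id.

```python
from urllib.parse import quote

# Rule strings copied from the debug reports in this thread. How CrackerTracker
# really matches them is not shown on the page; substring search is assumed.
RULES = ["select%20", "union%20", "%20union",
         "or ", "and ", "id ", "ls ", "rm ", "kill "]


def scan(params, ignore=()):
    """Return (variable, rule) pairs for each rule found in a checked variable.

    Assumed model: every value is searched case-insensitively, both raw and
    URL-encoded. Names listed in `ignore` play the role of $ct_ignorepvar /
    $ct_ignoregvar and are skipped without any inspection.
    """
    hits = []
    for name, value in params.items():
        if name in ignore:
            continue
        raw = value.lower()
        forms = (raw, quote(raw, safe=""))
        for rule in RULES:
            if any(rule in form for form in forms):
                hits.append((name, rule))
    return hits


def parse_hack_id(value):
    """Validate the id in the script itself (assumes hack_id is a numeric id)."""
    if not (value.isascii() and value.isdigit() and len(value) <= 10):
        raise ValueError("hack_id must be a short decimal number")
    return int(value)


# Constructed sample requests, not captured from a real board.
GAME_POST = {"puzzle1": "wheel and deal", "puzzle43": "paid in full"}
ADMIN_GET = {"hack_id": "12 union select 1"}

if __name__ == "__main__":
    # Ordinary English trips the short word rules: the false positives above.
    print(scan(GAME_POST))
    # The ignore list silences them ...
    print(scan(GAME_POST, ignore=("puzzle1", "puzzle43")))
    # ... and silences the SQL-keyword rules for an ignored variable just the same.
    print(scan(ADMIN_GET))
    print(scan(ADMIN_GET, ignore=("hack_id",)))
    # Typed validation rejects the same value regardless of the filter.
    try:
        parse_hack_id(ADMIN_GET["hack_id"])
    except ValueError as exc:
        print("rejected:", exc)
```

An ignored variable gets no filtering at all, so the script that reads it has to validate or escape it on its own.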

PostAuthor: ScottDaMan » Mon Feb 05, 2007 11:29 am

When posting some acronyms, you'll get a false positive. The following worked to fix it:
Code: Select all
##-----[ OPEN ]------------------------------------------#
/forum/admin/admin_acronyms.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('description');

PostAuthor: ZacFields » Mon Feb 05, 2007 11:38 am

We really appreciate all the help you guys are giving. Thanks to your efforts Teelk and I have been working to compile a patch for all these errors.

We're truly thankful for your help, and if you notice any other errors please let us know

Zac

PostAuthor: Leadfoot » Tue Feb 06, 2007 12:16 pm

ok another false positive here

acp/pcp/pcpwizard/alterformdisplay/submit

when you click on the first submit button u get the ctracker security box

ran debug here are the results


Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
##-----[ OPEN ]------------------------------------------#
/forum/admin/admin_pcp_wizard.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('style_user_rank_title','style_user_warnings');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM

RESULTS

Didn't work for me. Where it says:

#
#-----[ FIND ]------------------------------------------
#
define('IN_PHPBB', 1);


I don't have that line. My line says:

define('IN_PHPBB', true);

I tried adding the fix after that line and it did not work. So I reran the debug and it came up with this.

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_pcp_wizard.php
----------------

Request-Method: POST

Matching rule: "
In variable: style_username
In variable: style_user_birthday
In variable: style_user_my_friend
In variable: style_user_my_ignore
In variable: style_user_pm
In variable: style_user_email
In variable: style_user_website
In variable: style_user_aim
In variable: style_user_yim
In variable: style_user_msnm
In variable: style_user_skype
In variable: style_user_icq
In variable: style_user_album

Possible solution:

##-----[ OPEN ]------------------------------------------
/forum/admin/admin_pcp_wizard.php
##-----[ FIND ]------------------------------------------
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('style_username','style_user_birthday','style_user_my_friend','style_user_my_ignore','style_user_pm','style_user_email','style_user_website','style_user_aim','style_user_yim','style_user_msnm','style_user_skype','style_user_icq','style_user_album');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
EoM


So i added those along with the first debug return so now my admin/admin_pcp_wizard.php looks like this

Code: Select all
define('IN_PHPBB', true); 
define('CT_SECLEVEL', 'MEDIUM');$ct_ignorepvar = array('style_username','style_user_birthday','style_user_my_friend','style_user_my_ignore','style_user_pm','style_user_email','style_user_website','style_user_aim','style_user_yim','style_user_msnm','style_user_skype','style_user_icq','style_user_album');
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('style_user_rank_title','style_user_warnings');



I ran debug again after this and still getting same return as on last run.

If I go into the acp/pcp/pcpwizard/alter page display and i click on the submit button on the default page that pops up all is ok.
But if I navigate to another page such as viewtopic>buttons and hit submit I get the ctracker block.
Last edited by Leadfoot on Tue Feb 06, 2007 1:44 pm, edited 1 time in total.

PostAuthor: ScottDaMan » Tue Feb 06, 2007 12:23 pm

When a user attempts to add a link to your link directory and they use a site with a .shtml extension, they will get an error.
Code: Select all
##-----[ OPEN ]------------------------------------------#
/forum/link_register.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('link_desc','link_title','link_url');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM


It is important to note:
Original:
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('link_title','link_desc');

New:
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('link_title','link_desc','link_url');

PostAuthor: ScottDaMan » Tue Feb 06, 2007 12:32 pm

Same deal for the admin side of the link script.

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
##-----[ OPEN ]------------------------------------------#
/forum/admin/admin_links.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('submit','link_desc','link_title','link_url');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM


Important note:
Original:
$ct_ignorepvar = array('submit','link_desc');

New:
$ct_ignorepvar = array('submit','link_desc','link_title','link_url');

PostAuthor: Leadfoot » Tue Feb 06, 2007 1:14 pm

Dam this debugging might get addictive now that I have figured it out. Anyways here is my debug and fix for wheel of fortune. It worked in removing the ctracker error.

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/newscore.php
----------------

Request-Method: POST

Matching rule: or 
In variable: puzzle2
In variable: puzzle65
In variable: puzzle132
In variable: puzzle133
In variable: puzzle144
In variable: puzzle163
In variable: puzzle165
In variable: puzzle166
In variable: puzzle183
In variable: puzzle192

Matching rule: and 
In variable: puzzle1
In variable: puzzle2
In variable: puzzle5
In variable: puzzle6
In variable: puzzle25
In variable: puzzle35
In variable: puzzle39
In variable: puzzle56
In variable: puzzle86
In variable: puzzle92
In variable: puzzle113
In variable: puzzle143
In variable: puzzle179
In variable: puzzle184
In variable: puzzle186
In variable: puzzle190
In variable: puzzle195
In variable: puzzle196
In variable: puzzle207
In variable: puzzle223
In variable: puzzle238
In variable: puzzle240
In variable: puzzle244
In variable: puzzle246
In variable: puzzle247
In variable: puzzle252
In variable: puzzle258

Matching rule: id 
In variable: puzzle43
In variable: puzzle154
In variable: puzzle226
In variable: puzzle237
In variable: puzzle249

Matching rule: ls 
In variable: puzzle27
In variable: puzzle58
In variable: puzzle59
In variable: puzzle140
In variable: puzzle194
In variable: puzzle238

Matching rule: rm 
In variable: puzzle71

Matching rule: kill 
In variable: puzzle193

Matching rule:  chr
In variable: puzzle70
In variable: puzzle169

Matching rule: rm 
In variable: puzzle71

Matching rule: kill 
In variable: puzzle193

Matching rule:  like
In variable: puzzle29
In variable: puzzle42
In variable: puzzle73
In variable: puzzle94

Matching rule: like 
In variable: puzzle29
In variable: puzzle42
In variable: puzzle73
In variable: puzzle94

Matching rule: ping 
In variable: puzzle229
In variable: puzzle245

Possible solution:
------------------

##-----[ OPEN ]------------------------------------------#
/forum/newscore.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('puzzle2','puzzle65','puzzle132','puzzle133','puzzle144','puzzle163','puzzle165','puzzle166','puzzle183','puzzle192','puzzle1','puzzle5','puzzle6','puzzle25','puzzle35','puzzle39','puzzle56','puzzle86','puzzle92','puzzle113','puzzle143','puzzle179','puzzle184','puzzle186','puzzle190','puzzle195','puzzle196','puzzle207','puzzle223','puzzle238','puzzle240','puzzle244','puzzle246','puzzle247','puzzle252','puzzle258','puzzle43','puzzle154','puzzle226','puzzle237','puzzle249','puzzle27','puzzle58','puzzle59','puzzle140','puzzle194','puzzle71','puzzle193','puzzle70','puzzle169','puzzle29','puzzle42','puzzle73','puzzle94','puzzle229','puzzle245');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM

PostAuthor: Teelk » Tue Feb 06, 2007 6:04 pm

Thanks guys for the contributions, they really are helping out.

For PCP Wizard, try opening up admin/admin_pcp_wizard.php and replacing the MEDIUM with LOW. That may solve all issues with the wizard.

PostAuthor: Leadfoot » Wed Feb 07, 2007 2:03 am

ok i have done a lot more debugging on the pcp wizard and have a fix that has everything fixed but one thing and I can't seem to get the last part to work. With the debug below everything will work EXCEPT for "alter form display". I keep getting this ctracker debug on this form and it is not working.

Code: Select all
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/admin/admin_pcp_wizard.php
----------------

Request-Method: POST

Matching rule: _php
In variable: get_func_phpBBSecurity_question
In variable: get_func_phpBBSecurity_answer

Possible solution:
------------------

##-----[ OPEN ]------------------------------------------#
/forum/admin/admin_pcp_wizard.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('get_func_phpBBSecurity_question','get_func_phpBBSecurity_answer');
##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------##
EoM



So to get the pcp wizard to work on all pages BUT for the one above this is the working debug

Code: Select all
##-----[ OPEN ]------------------------------------------#
/forum/admin/admin_pcp_wizard.php
##-----[ FIND ]------------------------------------------#
define('IN_PHPBB', 1);
##-----[ AFTER, ADD ]------------------------------------------#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('style_user_birthday','style_user_my_friend','style_user_my_ignore','style_user_pm','style_user_email','style_user_website','style_user_aim','style_user_yim','style_user_msnm','style_user_skype','style_user_icq','style_user_album','style_user_sig','style_username','style_user_online','style_user_rank_title','style_user_avatar','style_user_from','style_user_regdate','style_user_gender','style_user_age','style_user_posts','style_user_cashtp','style_user_holidays','style_user_country','style_user_warnings','style_user_trophy_topic','get_func_phpBBSecurity_question','get_func_phpBBSecurity_answer');


Hope this helps.

PostAuthor: psyperu » Wed Feb 07, 2007 9:48 am

Leadfoot wrote: Dam this debugging might get addictive now that I have figured it out. Anyways here is my debug and fix for wheel of fortune. It worked in removing the ctracker error.



Hi but I don't have that archive "newscore.php" in the root of /forum/