<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#CCCCCC" text="#000000" link="#003399" vlink="#006699" alink="#006699">
<hr>
<div align="center">
<h2><br>
<font color="#0099CC">PHP-Nuke Patched<br>
2003 chatserv<br>
<a href="http://www.nukefixes.com/">NukeFixes</a> -- <a href="http://www.nukeresources.com/">NukeResources</a></font></h2>
<hr>
</div>
<font size="4">Look for unquoted variables in SQL queries, for example:<br>
<font color="#0000FF">sql_query("UPDATE ".$prefix."_downloads_downloads
SET downloadratingsummary=$finalrating,totalvotes=$totalvotesDB,totalcomments=$truecomments
WHERE lid='$lid'", $dbi);</font><br>
should be:<br>
<font color="#0000FF">sql_query("UPDATE ".$prefix."_downloads_downloads
SET downloadratingsummary=<b><font color="#FF0000">'</font></b>$finalrating<b><font color="#FF0000">'</font></b>,totalvotes=<b><font color="#FF0000">'</font></b>$totalvotesDB<b><font color="#FF0000">'</font></b>,totalcomments=<b><font color="#FF0000">'</font></b>$truecomments<b><font color="#FF0000">'</font></b>
WHERE lid='$lid'", $dbi);</font><br>
As you can see, single quotes were added around the variables.<br><br>
Another example:<br>
<font color="#0000FF">$result=sql_query("select rid, name, url from ".$prefix."_related
where tid=$topicid", $dbi);</font><br>
should be:<br>
<font color="#0000FF">$result=sql_query("select rid, name, url from ".$prefix."_related
where tid=<b><font color="#FF0000">'</font></b>$topicid<b><font color="#FF0000">'</font></b>", $dbi);</font><br>
Notice that <i>$topicid</i> is now enclosed in <i>single quotes</i>.<br><br>
This particular query fetches three values from a database table: an id, a name and a url. The id is a numerical value:<br>
<font color="#0000FF">while(list($rid, $name, $url) = sql_fetch_row($result, $dbi))
{</font> <br>
The results come back as plain variables (<i>$rid</i>, <i>$name</i>, <i>$url</i>). Since one of them is a number, we add a PHP function that makes sure only numbers get through, in this case <font color="#FF0000">intval()</font>; for values that hold emails and urls we can use another function, in this case <font color="#FF0000">stripslashes()</font>. The result line now changes to:<br>
<font color="#0000FF">while(list($rid, $name, $url) = sql_fetch_row($result, $dbi))
{</font><br>
<font color="#FF0000">$rid = <b>intval(</b>$rid<b>)</b>;<br>
$url = <b>stripslashes(</b>$url<b>)</b>;</font></font><br><br>
<font size="4">There are many more functions one can use to check what gets passed through a variable, but these should help make the files more secure. Here is one more:<br>
Let's say that from our example we know <i>$name</i> has <i>a maximum allowed character limit of 12</i>. We can make sure that limit is not exceeded in one of several ways; in this case we'll use <font color="#FF0000">substr()</font>, so the above now becomes:<br>
<font color="#0000FF">while(list($rid, $name, $url) = sql_fetch_row($result, $dbi)) {<br>
$rid = intval($rid);<br>
$name = <font color="#FF0000"><b>substr(</b></font>$name<font color="#FF0000"><b>, 0, 12)</b></font>;<br>
$url = stripslashes($url);</font></font><br>
<br>
<font size="4">In the case of variables for titles and descriptions you can combine <font color="#FF0000">stripslashes()</font> with <font color="#FF0000">FixQuotes()</font>, but only when inserting data into a table. When extracting, use only <font color="#FF0000">stripslashes()</font>, since <font color="#FF0000">FixQuotes()</font> duplicates every single quote. For example:<br>
$description = <b><font color="#FF0000">stripslashes(FixQuotes(</font></b>$description<b><font color="#FF0000">))</font></b>; - for data to be inserted into a table.<br>
$description = <b><font color="#FF0000">stripslashes(</font></b>$description<b><font color="#FF0000">)</font></b>; - for data extracted from a table.<br>
</font>
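<font size="4">Added example (not code from the original page or from PHP-Nuke itself): the related-links query and its result loop from the text with all of the fixes above applied in one place. PHP-Nuke's <font color="#FF0000">sql_query()</font>, <font color="#FF0000">sql_fetch_row()</font> and <font color="#FF0000">FixQuotes()</font> are assumed; a simplified stand-in for FixQuotes() and constructed input values replace the database calls so the snippet runs on its own.</font>

```php
<?php
// Added example, not code from the original page or from PHP-Nuke.
// It applies the page's fixes to the related-links query and its
// result loop: quote the value, intval() numeric data, cap the
// name with substr(), stripslashes() the url, and use FixQuotes()
// only on the way into the table.

// Assumed stand-in for PHP-Nuke's FixQuotes(): doubles single quotes.
function FixQuotes($what = '') {
    return str_replace("'", "''", $what);
}

// Builds the query from the text. $topicid is reduced to an integer
// before interpolation, so the quoted value can never contain a quote.
function related_query($prefix, $topicid) {
    $topicid = intval($topicid);
    return "select rid, name, url from " . $prefix . "_related where tid='" . $topicid . "'";
}

// Cleans one fetched row as the text describes: numeric id,
// name limited to 12 characters, slashes stripped from the url.
function clean_related_row($rid, $name, $url) {
    return array(intval($rid), substr($name, 0, 12), stripslashes($url));
}

// Description handling: FixQuotes() only when inserting,
// stripslashes() alone when extracting.
function description_for_insert($description) {
    return stripslashes(FixQuotes($description));
}
function description_for_output($description) {
    return stripslashes($description);
}

// Constructed inputs (no database needed) to show each step's effect.
echo related_query('nuke', "5' or '1'='1"), "\n";
print_r(clean_related_row('7abc', 'a very long link name', 'http:\/\/x'));
echo description_for_insert("it\'s here"), "\n";
echo description_for_output("it\'s here"), "\n";
```

The intval() call on $topicid is the step that stops a value containing a quote from altering the statement; the added quotes alone only help for values that cannot contain one.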
<hr>
<center>
<h2><font color="#990000">Variables list</font></h2>
</center><hr>
<br>
<font size="4">The following are some of the variables that hold numerical values; secure them with the <font color="#FF0000">intval()</font> function.</font><br>
<br>
<div align="center">
<table width="75%" border="1">
<tr>
<td>
<div align="center"><b><font color="#FF0000" size="5">Database Table Name</font></b></div>
</td>
<td>
<div align="center"><b><font color="#FF0000" size="5">Variable(s)</font></b></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_access</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$access_id</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_authors</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$counter<br>
$radminarticle<br>
$radmintopic<br>
$radminuser<br>
$radminsurvey<br>
$radminsection<br>
$radminlink<br>
$radminephem<br>
$radminfaq<br>
$radmindownload<br>
$radminforum<br>
$radmincontent<br>
$radminency<br>
$radminreviews<br>
$radminnewsletter<br>
$radminsuper</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_autonews</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$anid<br>
$catid<br>
$ihome</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_banner</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$bid<br>
$cid<br>
$imptotal<br>
$impmade<br>
$clicks<br>
$active</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_bannerclient</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_blocks</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$bid<br>
$weight<br>
$active<br>
$refresh<br>
$view</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_catagories</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cat_id</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_comments</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$tid<br>
$pid<br>
$sid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_config</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$anonpost<br>
$commentlimit<br>
$minpass<br>
$pollcomm<br>
$articlecomm<br>
$broadcast_msg<br>
$my_headlines<br>
$top<br>
$storyhome<br>
$user_news<br>
$oldnum<br>
$ultramode<br>
$banners<br>
$multilingual<br>
$useflags<br>
$notify<br>
$email_send<br>
$attachments<br>
$attachments_view<br>
$singleaccount<br>
$filter_forward<br>
$moderate<br>
$admingraphic<br>
$httpref<br>
$httprefmax</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_contactbook</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$uid<br>
$contactid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_counter</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$count</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_downloads_categories</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cid<br>
$parentid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_downloads_downloads</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$lid<br>
$cid<br>
$sid<br>
$hits<br>
$totalvotes<br>
$totalcomments</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_downloads_editorials</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$downloadid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_downloads_modrequest</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$requestid<br>
$lid<br>
$cid<br>
$sid<br>
$brokendownload</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_downloads_newdownload</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$lid<br>
$cid<br>
$sid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_downloads_votedata</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$ratingdbid<br>
$ratinglid<br>
$rating</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_encyclopedia</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$eid<br>
$active</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_encyclopedia_text</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$tid<br>
$eid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_ephem</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$eid<br>
$did<br>
$mid<br>
$yid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_faqAnswer</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$id<br>
$id_cat</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_faqCategories</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$id_cat</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_headlines</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$hid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_journal</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$jid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_journal_comments</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_journal_stats</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$id</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_links_categories</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cid<br>
$parentid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_links_editorials</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$linkid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_links_links</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$lid<br>
$cid<br>
$sid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_links_modrequest</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$requestid<br>
$lid<br>
$cid<br>
$sid<br>
$brokenlink</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_links_newlink</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$lid<br>
$cid<br>
$sid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_links_votedata</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$ratingdbid<br>
$ratinglid<br>
$rating</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_message</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$mid<br>
$expire<br>
$active<br>
$view</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_modules</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$mid<br>
$active<br>
$view<br>
$inmenu</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_pages</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$pid<br>
$cid<br>
$active<br>
$counter</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_pages_categories</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_poll_check</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$pollID</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_poll_data</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$pollID<br>
$optionCount<br>
$voteID</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_poll_desc</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$pollID<br>
$voters<br>
$artid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_pollcomments</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$tid<br>
$pid<br>
$pollID</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_public_messages</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$mid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_queue</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$qid<br>
$uid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_referer</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$rid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_related</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$rid<br>
$tid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_reviews</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$id<br>
$score<br>
$hits</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_reviews_add</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$id<br>
$score</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_reviews_comments</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$cid<br>
$rid<br>
$score</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_seccont</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$artid<br>
$secid<br>
$counter</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_sections</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$secid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_stories</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$sid<br>
$catid<br>
$comments<br>
$counter<br>
$topic<br>
$ihome<br>
$acomm<br>
$haspoll<br>
$pollID<br>
$score<br>
$ratings</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_stories_cat</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$catid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_topics</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$topicid</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_users</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$user_id<br>
$storynum<br>
$uorder<br>
$noscore<br>
$ublockon<br>
$commentmax<br>
$counter<br>
$newsletter<br>
$user_posts<br>
$user_attachsig<br>
$user_rank<br>
$user_level<br>
$broadcast<br>
$popmeson<br>
$user_active<br>
$user_session_time<br>
$user_session_page<br>
$user_lastvisit<br>
$user_new_privmsg<br>
$user_unread_privmsg<br>
$user_last_privmsg<br>
$user_allowhtml<br>
$user_allowbbcode<br>
$user_allowsmile<br>
$user_allowavatar<br>
$user_allow_pm<br>
$user_allow_viewonline<br>
$user_notify<br>
$user_notify_pm<br>
$user_popup_pm<br>
$user_avatar_type</b></font></div>
</td>
</tr>
<tr>
<td>
<div align="center"><font size="4"><b>nuke_users_temp</b></font></div>
</td>
<td>
<div align="center"><font size="4"><b>$user_id</b></font></div>
</td>
</tr>
</table>
</div>
<hr>
</body>
</html>