GESIOR 2012 - ideas, bug reports

[Gesior.pl]

Some bruteforce protection is Very useful and also i dont know if you saw this topic http://otland.net/f479/gesior-aac-exploits-all-versions-76074/

I hope this help you good job

- - - Updated - - -

Buypoints:

 PHP Injection in buypoints.php An old exploit not posted here I think, bu - Pastebin.com[/url][/QUOTE]
[B]guilds.php[/B] - Can anyone tell me how hacker can abuse that? I still don't get how someone can abuse script that saves image with name like 'Gesior_guild[B].PNG[/B]' and then loads it in [B]<img src="here image url" alt="" />[/B]
In new version I did change file name from 'strireplace(' ', '_', $guild->getName()) . $extension' to 'time() . '_' . md5($guild->getName()) . $extension'.
[B]houses.php[/B] - rewritten
[B]latestnews.php[/B] - rewritten
[B]buypoints.php[/B] is fixed other way (urlencode variables, not check 'A-Z0-9a-z').
[B]From buypoints I removed 'daopay' system and added 'zaypay'.[/B]
[quote="Vightrain, post: 1641794"][FONT=Palatino Linotype]Great work Gesior.pl but i think there is a problem with change name option in shopsystem.php... I think you can abuse it so please check it out :)[/FONT][/QUOTE]
I will use my ooold version of shopsystem.php [items and containers only] and add there 'change name' option (safe). 'Unban' will be available on Bans (bans.php). Remove red skull and other things will be not available as it's easier to make them as items/talkactions in game.

 

[LucasFerraz]

gesior, i dont know why but this link do not load: GESIOR 2012 ver. 1.0.0 BETA for 0.3.6

 

[Chris]

guilds.php - Can anyone tell me how hacker can abuse that? I still don't get how someone can abuse script that saves image with name like 'Gesior_guild.PNG' and then loads it in <img src="here image url" alt="" />
In new version I did change file name from 'strireplace(' ', '_', $guild->getName()) . $extension' to 'time() . '_' . md5($guild->getName()) . $extension'.
houses.php - rewritten
latestnews.php - rewritten
buypoints.php is fixed other way (urlencode variables, not check 'A-Z0-9a-z').
From buypoints I removed 'daopay' system and added 'zaypay'.

I will use my ooold version of shopsystem.php [items and containers only] and add there 'change name' option (safe). 'Unban' will be available on Bans (bans.php). Remove red skull and other things will be not available as it's easier to make them as items/talkactions in game.

As far as the guild logo goes, I'd recommend you run the uploaded image through GD, save the file and remove the temporary file (uploaded file). This way, any embedded code will disappear.

 

[averatec]

or store logos in db, encoded with base64 and display this way

<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot">

 

[Vightrain]

I will use my ooold version of shopsystem.php [items and containers only] and add there 'change name' option (safe). 'Unban' will be available on Bans (bans.php). Remove red skull and other things will be not available as it's easier to make them as items/talkactions in game.

Great! So when will you do this? Since now when i press on the file it only contains the following...

<?PHP
echo 'get other!!';
?>

 

[Beo]

--------

Your own layout.

 

[Gesior.pl]

As far as the guild logo goes, I'd recommend you run the uploaded image through GD, save the file and remove the temporary file (uploaded file). This way, any embedded code will disappear.

I thought about it. Will it remove all hax codes? Did you test if it does not remove animation from .gif?

Great! So when will you do this? Since now when i press on the file it only contains the following...

<?PHP
echo 'get other!!';
?>

Files: GESIOR 2012 ver. 1.0.0 BETA for 0.3.6 updated.
buypoints.php with dotpay [polish sms], 'paypal by dotpay' [automatic paypal, only for polish admins], zaypay [use Payalogues, other config then popular forum script, but looks better] and zaypay_report.php added [config in folder 'custom_scripts'].
shopsystem.php with only pacc/item/container added + fixed some possible security bugs.

@LucasFerraz
For others link works, try use google chrome to open site.

 

[LucasFerraz]

OTS.ME do not load in Firefox/Google Chrome or IE

 

[Ninja]

Loads in Chrome, Firefox, IE & Safari. Nothing wrong with his website.

 

[Gesior.pl]

You can try to download .zip file from:
Index of /ots/gesior
(file viewer doesn't work with that domain)
If that link also doesn't work then you can use:
Gesior2012_beta_for_0.3.6.zip - Speedy Share - upload your files here

 

[LucasFerraz]

This link do not load too, maybe it's a problem here (In my job it do not load too)

 

[conde2]

Dont load for me either

The New link works fine to download

 

[averatec]

Cannot u use proxy to load this website, or didn't think about it?

 

[Chris]

I thought about it. Will it remove all hax codes? Did you test if it does not remove animation from .gif?

Files: GESIOR 2012 ver. 1.0.0 BETA for 0.3.6 updated.
buypoints.php with dotpay [polish sms], 'paypal by dotpay' [automatic paypal, only for polish admins], zaypay [use Payalogues, other config then popular forum script, but looks better] and zaypay_report.php added [config in folder 'custom_scripts'].
shopsystem.php with only pacc/item/container added + fixed some possible security bugs.

@LucasFerraz
For others link works, try use google chrome to open site.

Yeah it should get rid of all of the malicious code, however it will not preserve the animate state by default. I do think however there's a way of reanimating it, but not quite sure how to do it. Would you rather prioritise animated images over security though? (;

 

[J.Dre]

/\

 

[averatec]

http://otland.net/f251/gesior-2012-ideas-bug-reports-169215/index3.html#post1642210 and my solution isn't good?

 

[Gesior.pl]

http://otland.net/f251/gesior-2012-ideas-bug-reports-169215/index3.html#post1642210 and my solution isn't good?

I'm sure you know what is a problem with your solution... no cache for images = higher transfer, but as OTSes websites are not too popular and otses use dedics with 0.1-10gb/s network speed I've decided to use that method.

@topic
- In latestnews.php (top guilds),
guilds.php (change logo code + 'on create' it copy default_guild_logo.gif from folder 'images' to database field 'guild_logo'),

$new_guild->setGuildLogo('image/gif', Website::getFileContents('./images/default_guild_logo.gif'));

and wars.php it uses new method
- Folder 'user_files' deleted as there is nothing to store.
- install.php now create column 'guild_logo', type: mediumblob, default: NULL

New .zip:
Index of /gesior

Files in fileviewer also updated:
GESIOR 2012 ver. 1.0.0 BETA for 0.3.6

guilds.php save new logo part:

$max_image_size_b = $config['site']['guild_image_size_kb'] * 1024;
				if($_REQUEST['todo'] == 'save')
				{
					$file = $_FILES['newlogo'];
					switch($file['error'])
					{
						case UPLOAD_ERR_OK:
							break; // all ok
						case UPLOAD_ERR_INI_SIZE:
						case UPLOAD_ERR_FORM_SIZE:
							$upload_errors[] = 'Image is too large';
							break;
						case UPLOAD_ERR_PARTIAL:
							$upload_errors[] = 'Image was only partially uploaded';
							break;
						case UPLOAD_ERR_NO_FILE:
							$upload_errors[] = 'No image was uploaded';
							break;
						case UPLOAD_ERR_NO_TMP_DIR:
							$upload_errors[] = 'Upload folder not found';
							break;
						case UPLOAD_ERR_CANT_WRITE:
							$upload_errors[] = 'Unable to write uploaded file';
							break;
						case UPLOAD_ERR_EXTENSION:
							$upload_errors[] =  'Upload failed due to extension';
							break;
						default:
							$upload_errors[] =  'Unknown error';
					}
					if(is_uploaded_file($file['tmp_name']))
					{
						if($file['size'] > $max_image_size_b)
							$upload_errors[] = 'Uploaded image is too big. Size: <b>'.$file['size'].' bytes</b>, Max. size: <b>'.$max_image_size_b.' bytes</b>.';
						$info = getimagesize($file['tmp_name']);
						if(!$info)
							$upload_errors[] = 'Uploaded file is not an image!';
					}
					else
						$upload_errors[] = 'You didn\'t send file or file is too big. Limit: <b>'.$config['site']['guild_image_size_kb'].' KB</b>.';
					//show errors or save file
					if(!empty($upload_errors))
					{
						$main_content .= '<div class="SmallBox" >  <div class="MessageContainer" >    <div class="BoxFrameHorizontal" style="background-image:url('.$layout_name.'/images/content/box-frame-horizontal.gif);" /></div>    <div class="BoxFrameEdgeLeftTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></div>    <div class="BoxFrameEdgeRightTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></div>    <div class="ErrorMessage" >      <div class="BoxFrameVerticalLeft" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></div>      <div class="BoxFrameVerticalRight" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></div>      <div class="AttentionSign" style="background-image:url('.$layout_name.'/images/content/attentionsign.gif);" /></div><b>The Following Errors Have Occurred:</b><br/>';
						foreach($upload_errors as $guild_error)
							$main_content .= '<li>'.$guild_error;
						$main_content .= '</div>    <div class="BoxFrameHorizontal" style="background-image:url('.$layout_name.'/images/content/box-frame-horizontal.gif);" /></div>    <div class="BoxFrameEdgeRightBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></div>    <div class="BoxFrameEdgeLeftBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></div>  </div></div><br>';
					}
					else
					{
						$guild->setGuildLogo($info['mime'], file_get_contents($file['tmp_name']));
						$guild->save();
					}
				}

guild.php (class):

	public function setGuildLogo($mimeType, $fileData)
	{
		$this->data['guild_logo'] = 'data:' . $mimeType . ';base64,' . base64_encode($fileData);
	}

 

[Cykotitan]

don't close php tags at the end of script

 

[Gesior.pl]

don't close php tags at the end of script

Good idea. All ?> removed (files on ots.me I will update on evening).

 

[Vightrain]

Gesior is thaaa maan!! Good job mate!