[BETA] External Link MOD

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Tue May 08, 2007 3:04 pm

I am using 1.40 and I've found a few vulnerabilities so far.
Image
http://www.ryan1918.com More than security.

kkroo
Registered User
Posts: 729
Joined: Sat Dec 03, 2005 4:49 pm
Contact:

Re: [BETA] External Link MOD

Post by kkroo » Tue May 08, 2007 5:15 pm

Could you give me an example or the bbcode with the exploit? I cant seem to recreate what your explaining. Also please list all vulnerabilities you are talking about.
My MODs

Need a coder?

Enjoy my Mods? - Image

kkroo
Registered User
Posts: 729
Joined: Sat Dec 03, 2005 4:49 pm
Contact:

Re: [BETA] External Link MOD

Post by kkroo » Tue May 08, 2007 6:16 pm

This fix should fix any vulnerabilities:

in link.php

find:

Code: Select all

	'U_URL' => $url_decode
replace with:

Code: Select all

	'U_URL' => urlencode( $url_decode )
My MODs

Need a coder?

Enjoy my Mods? - Image

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Wed May 09, 2007 5:22 am

I will try this and post results.
Image
http://www.ryan1918.com More than security.

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Wed May 09, 2007 5:26 am

Parse error: syntax error, unexpected T_STRING, expecting ')' in /link.php on line 160
Image
http://www.ryan1918.com More than security.

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Wed May 09, 2007 5:30 am

added , after the first one and it worked, thanks alot.
Image
http://www.ryan1918.com More than security.

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Wed May 09, 2007 5:35 am

Actually it don't work now, if I use any link it just takes me back to my main page of my site.
Image
http://www.ryan1918.com More than security.

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Wed May 09, 2007 5:17 pm

Anyone?
Image
http://www.ryan1918.com More than security.

kkroo
Registered User
Posts: 729
Joined: Sat Dec 03, 2005 4:49 pm
Contact:

Re: [BETA] External Link MOD

Post by kkroo » Wed May 09, 2007 5:49 pm

Try this

in link.php

find:

Code: Select all

	'U_URL' => $url_decode
replace with:

Code: Select all

	'U_URL' => addslashes( $url_decode )
My MODs

Need a coder?

Enjoy my Mods? - Image

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Thu May 10, 2007 2:27 am

It works but the XSS is still there.
Image
http://www.ryan1918.com More than security.

kkroo
Registered User
Posts: 729
Joined: Sat Dec 03, 2005 4:49 pm
Contact:

Re: [BETA] External Link MOD

Post by kkroo » Thu May 10, 2007 10:30 am

Try this

in link.php

find:

Code: Select all

	'U_URL' => $url_decode
replace with:

Code: Select all

	'U_URL' => addslashes( htmlentities($url_decode ) )
My MODs

Need a coder?

Enjoy my Mods? - Image

ryan1918dotcom
I've Been Banned!
Posts: 478
Joined: Wed Dec 10, 2003 3:10 am
Location: michigan
Contact:

Re: [BETA] External Link MOD

Post by ryan1918dotcom » Thu May 10, 2007 11:05 pm

Great, I think it worked now.
Image
http://www.ryan1918.com More than security.

User avatar
JLA
Registered User
Posts: 478
Joined: Tue Nov 16, 2004 5:23 pm
Location: USA
Name: JLA FORUMS
Contact:

Re: [BETA] External Link MOD

Post by JLA » Sun Jan 20, 2008 5:44 pm

Is there a way to have your code deal with HTML links that appears in posts such as this

<a target=_blank href=http://xxx.xxxx.xxx>Link Text...</a>

or

<a target=_blank href=http://xxx.xxxx.xxx>[img]image%20url%20not%20affected[/img]</a>

or
<a href="http://xxx.xxx.xxxx></a>

Also wanting to know if possible to have

Sitename :: External Link URL be passed to the pane_top.tpl so our site tracking can more accurately see the external links that are being visited

kkroo
Registered User
Posts: 729
Joined: Sat Dec 03, 2005 4:49 pm
Contact:

Re: [BETA] External Link MOD

Post by kkroo » Sun Jan 20, 2008 8:35 pm

Currently, the mod only supports BBcode urls.

I dont understand the second part of your question regarding pane_top.tpl, could you reword it more clearly.

Omar
My MODs

Need a coder?

Enjoy my Mods? - Image

User avatar
JLA
Registered User
Posts: 478
Joined: Tue Nov 16, 2004 5:23 pm
Location: USA
Name: JLA FORUMS
Contact:

Re: [BETA] External Link MOD

Post by JLA » Sun Jan 20, 2008 10:29 pm

kkroo wrote:Currently, the mod only supports BBcode urls.

I dont understand the second part of your question regarding pane_top.tpl, could you reword it more clearly.

Omar
We normally use a piece of Javascript in the overall_footer.tpl that tracks site visitors to our site. Normally, when someone would click on an external link on our site - we would be able to see the link as a site exit. Now with your mod, external links do not show as site exits. We placed the same javascript in the panel top tpl file but it only shows the sitename :: and nothing else. Also we cannot see what the external link was unless we directly visit the topic to search through where they possibly have gone.

If there was a way to have inserted into panel top tpl the URL of the external link so it would show in the title as sitename :: External Link URL - it would make it easier to track these.

Thanks

Post Reply

Return to “[2.0.x] MODs in Development”