News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Undefined index: REDIRECT_QUERY_STRING & Incorrect string: '''' for inet_aton

Started by dodos26, April 09, 2023, 08:30:47 AM

Previous topic - Next topic

Kindred

rotfl....

ok, well, see, now we get to it.
1- your previous posts were rambling and useless to the point that only now does your explanation START to make sense.  I do indeed see the error thanks to your attempt to spam my test site.
2- This is not a vulnerability. Sure, I guess someone might spam the error log, like you did on my test site... but that's it... 
3- However, GUESS WHAT - there's a simple fix!!
As I have said, several times now...  upgrade to 2.1.x.   That version no longer triggers an error - and 2.0.x is not receiving any updates other than security updates (and this is not a security issue)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Aleksi "Lex" Kilpinen

I'm not at all sure I'd call ability to create an error in your log a "vulnerability".
Also, Simple Portal is a mod - Issues with mods should be handled with the mod authors.
Lastly, I believe inet_aton is purely an ipv4 function and if you are seeing errors from it, the most likely cause is that ipv6 is not working "perfectly fine" in all situations but is ending up handled by ipv4 routines somewhere.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

dodos26

2. Nope!
This may be a problem, I don't know about security but I know that something that can be without restrictions / container, saved and displayed causes a serious security error first thing that comes to mind is an iframe that may cause transferring the administrator's ip, who knows maybe even session number and this is already a big threat. We are in the 2.0 support table and expect support to 2.0. Saying install 2.1 is like telling someone who uses windows to install linux...

Aleksi "Lex" Kilpinen
Yeah bro note that it wasn't until later that I found out that simple portal was having problems with custom redirection.

Why dont use inet_pton or INET6_ATON (that work also for ip normal) and why
'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)'
and what is \ 'IFNULL(INET_ATON(\'' . $user_info['ip'] . '\'), 0)'

Could this quality workaround or fix the problem?

Arantor

Because the problem isn't as simple as just switching to the other function. IPv6 addresses are larger; you need to upgrade to ensure the database is properly converted to allocate more space for IPv6 addresses (and also ensure that all the related functionality is also upgraded)

Kindred

No, telling you to upgrade smf versions is like telling someone who continued to use windows 98 and had problems on that ancient platform that they really should upgrade to windows 10
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Even that's a reference that's passing; Windows 10 goes out of mainstream support in 2025, we're getting there...

Steve

I believe this has gone on long enough. Question asked, solution provided (several times).

Locking.

@Kindred or Lex - by all means, unlock if you don't think it should have been.
DO NOT pm me for support!

dodos26

https://www.simplemachines.org/community/index.php?topic=585618.0
No solution to the requested problem was provided.
No solution to the requested problem was provided.
No solution to the requested problem was provided.

Why is my topic the only one of all topics in this section that has been closed.

Aleksi "Lex" Kilpinen

You were offered a solution, not our problem if you reject it.

Merged. Lock stays.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Advertisement: