stamp attack fix
This commit is contained in:
root
parent
bb089a0e5e
commit
ac5d02a307
5 changed files with 65 additions and 35 deletions
|
|
@ -7,49 +7,65 @@
|
|||
$arr = explode("/", $arr['1'], 2);
|
||||
$ref = $arr['0'];
|
||||
|
||||
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
|
||||
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
|
||||
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
$bits = explode(".", $ref);
|
||||
for($i = 1; $i < count($bits); $i++)
|
||||
{
|
||||
if($ref2 != "")
|
||||
$ref2 .= ".";
|
||||
$ref2 .= $bits[$i];
|
||||
}
|
||||
$arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
|
||||
$arr = explode("/", $arr['1'], 2);
|
||||
$siteref = $arr['0'];
|
||||
|
||||
if($ref == "" || ($ref != $siteref && $siteref != ""))
|
||||
{
|
||||
if($siteref != "")
|
||||
$siterefer = $_SERVER['HTTP_REFERER'];
|
||||
else
|
||||
$siterefer = $_REQUEST['refer'];
|
||||
$invalid = 2;
|
||||
} else {
|
||||
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
|
||||
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
|
||||
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
|
||||
order by `domaincerts`.`id`";
|
||||
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
|
||||
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
|
||||
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
|
||||
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
|
||||
$bits = explode(".", $ref);
|
||||
for($i = 1; $i < count($bits); $i++)
|
||||
{
|
||||
if($ref2 != "")
|
||||
$ref2 .= ".";
|
||||
$ref2 .= $bits[$i];
|
||||
}
|
||||
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
|
||||
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
|
||||
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
|
||||
order by `domaincerts`.`id`";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
$invalid = 1;
|
||||
} else {
|
||||
$org = 1;
|
||||
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
|
||||
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
|
||||
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
|
||||
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
|
||||
$res = mysql_query($query);
|
||||
if(mysql_num_rows($res) <= 0)
|
||||
{
|
||||
$invalid = 1;
|
||||
} else {
|
||||
$org = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$cert = mysql_fetch_assoc($res);
|
||||
if($org == 0)
|
||||
if($invalid == 0)
|
||||
{
|
||||
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
|
||||
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
|
||||
$user = mysql_fetch_assoc(mysql_query($query));
|
||||
} else {
|
||||
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
|
||||
$orgi = mysql_fetch_assoc(mysql_query($query));
|
||||
$cert = mysql_fetch_assoc($res);
|
||||
if($org == 0)
|
||||
{
|
||||
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
|
||||
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
|
||||
$user = mysql_fetch_assoc(mysql_query($query));
|
||||
} else {
|
||||
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
|
||||
$orgi = mysql_fetch_assoc(mysql_query($query));
|
||||
}
|
||||
}
|
||||
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
|
|
@ -90,7 +106,7 @@ google_ad_channel = "";
|
|||
<? } else { ?>
|
||||
<p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p>
|
||||
<? } ?>
|
||||
<p><a href="report.php?refer=<?=$_REQUEST['refer']?>">Problem with this site? Please report it</a></p>
|
||||
<p><a href="report.php?refer=<?=$siterefer?>">Problem with this site? Please report it</a></p>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -4,9 +4,23 @@
|
|||
$arr = explode("/", $arr['1'], 2);
|
||||
$ref = $arr['0'];
|
||||
|
||||
$arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
|
||||
$arr = explode("/", $arr['1'], 2);
|
||||
$siteref = $arr['0'];
|
||||
|
||||
|
||||
header('Content-type: image/png');
|
||||
$im = imagecreatefrompng($img);
|
||||
|
||||
if($ref == "" || ($ref != $siteref && $siteref != ""))
|
||||
{
|
||||
$tc = imagecolorallocate ($im, 255, 0, 0);
|
||||
imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
|
||||
imagestring ($im, 2, 1, 45, "Click to Report", $tc);
|
||||
imagepng($im);
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = "select * from `domlink`,`domains`,`domaincerts`
|
||||
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
|
||||
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@
|
|||
$body .= "Reason: $reason\n";
|
||||
$body .= "Comment: $comment\n";
|
||||
|
||||
sendmail("cacert-abuse@lists.cacert.org,$email", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website");
|
||||
sendmail("cacert-abuse@lists.cacert.org", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website");
|
||||
}
|
||||
|
||||
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
|
|
@ -87,7 +87,7 @@ google_ad_channel = "";
|
|||
<label for="sub"> </label><input type="submit" name="process" value="Report Site"><br />
|
||||
</form>
|
||||
<? } else { ?>
|
||||
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible. You will receive a confirmation of your report by email.</p>
|
||||
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p>
|
||||
<? } ?>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -607,7 +607,7 @@ label {
|
|||
|
||||
label,input,select {
|
||||
display: block;
|
||||
width: 150px;
|
||||
width: 250px;
|
||||
float: left;
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?
|
||||
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
|
||||
{
|
||||
$output_file = $fname = "cacert-20060817.tar.bz2";
|
||||
$output_file = $fname = "cacert-20061128.tar.bz2";
|
||||
|
||||
header('Pragma: public');
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue