stamp attack fix

root 2006-11-27 23:10:08 +00:00
parent bb089a0e5e
commit ac5d02a307
5 changed files with 65 additions and 35 deletions


@ -7,49 +7,65 @@
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
{
if($ref2 != "")
$ref2 .= ".";
$ref2 .= $bits[$i];
}
$arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
$arr = explode("/", $arr['1'], 2);
$siteref = $arr['0'];
if($ref == "" || ($ref != $siteref && $siteref != ""))
{
if($siteref != "")
$siterefer = $_SERVER['HTTP_REFERER'];
else
$siterefer = $_REQUEST['refer'];
$invalid = 2;
} else {
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
$bits = explode(".", $ref);
for($i = 1; $i < count($bits); $i++)
{
if($ref2 != "")
$ref2 .= ".";
$ref2 .= $bits[$i];
}
$query = "select *,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
(`domaincerts`.`subject` like '%subjectAltName=DNS:$ref2/%' or `domaincerts`.`subject` like '%subjectAltName=DNS:*.$ref2/%')
order by `domaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$invalid = 1;
} else {
$org = 1;
$query = "select *,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
(`orgdomaincerts`.`subject` like '%=$ref%' or `orgdomaincerts`.`subject` like '%=*.$ref2%') and
`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
`orgdomaincerts`.`revoked`=0 order by `orgdomaincerts`.`id`";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$invalid = 1;
} else {
$org = 1;
}
}
}
}
$cert = mysql_fetch_assoc($res);
if($org == 0)
if($invalid == 0)
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
$user = mysql_fetch_assoc(mysql_query($query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
$orgi = mysql_fetch_assoc(mysql_query($query));
$cert = mysql_fetch_assoc($res);
if($org == 0)
{
$query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
`notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' GROUP BY `notary`.`to`";
$user = mysql_fetch_assoc(mysql_query($query));
} else {
$query = "select * from `orginfo` where `id`='$cert[orgid]'";
$orgi = mysql_fetch_assoc(mysql_query($query));
}
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
@ -90,7 +106,7 @@ google_ad_channel = "";
<? } else { ?>
<p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p>
<? } ?>
<p><a href="report.php?refer=<?=$_REQUEST['refer']?>">Problem with this site? Please report it</a></p>
<p><a href="report.php?refer=<?=$siterefer?>">Problem with this site? Please report it</a></p>
</div>
</div>
</body>
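Review bot: The new report link in the second hunk prints `$siterefer` into the `href` with no encoding, and the first hunk copies that value unchanged from `$_SERVER['HTTP_REFERER']` or `$_REQUEST['refer']`, so request-controlled text reaches the page markup. The `mysql_real_escape_string()` call only affects `$siteref`, and it is SQL quoting in any case, so it does not cover this output; encode for the URL context where the value is printed, e.g. `<a href="report.php?refer=<?=urlencode($siterefer)?>">`. `$siterefer` is also assigned only in the `$invalid = 2` branch, so on every other path the link is built from a variable this hunk never sets. Setting `$siterefer` before the `if`, and initialising `$invalid` if that is not already done above the hunk, would keep both from depending on the request environment. The script begins above the first hunk and continues past the second, so initialisation elsewhere cannot be ruled out from here.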


@ -4,9 +4,23 @@
$arr = explode("/", $arr['1'], 2);
$ref = $arr['0'];
$arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
$arr = explode("/", $arr['1'], 2);
$siteref = $arr['0'];
header('Content-type: image/png');
$im = imagecreatefrompng($img);
if($ref == "" || ($ref != $siteref && $siteref != ""))
{
$tc = imagecolorallocate ($im, 255, 0, 0);
imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
imagestring ($im, 2, 1, 45, "Click to Report", $tc);
imagepng($im);
exit;
}
$query = "select * from `domlink`,`domains`,`domaincerts`
where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and `domaincerts`.`revoked`=0 and
`domaincerts`.`subject` like '%subjectAltName=DNS:$ref/%' order by `domaincerts`.`id`";
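Review bot: The guard `if($ref == "" || ($ref != $siteref && $siteref != ""))` rejects a mismatch only when a Referer header was sent, so a request without one still falls through to the certificate lookup below. If that fallback is deliberate it should be stated next to the check, e.g. `// Referer is optional and client-supplied: absence is accepted, only a differing host is flagged`. The comparison is also byte-exact, so a host that differs only in letter case or carries a port would presumably be drawn as "INVALID DOMAIN"; normalising both sides first (`$ref = strtolower($ref); $siteref = strtolower($siteref);`) avoids that false positive. The same condition and host-splitting lines appear in the first file section of this commit, so one shared helper would keep the two checks from drifting apart. How `$ref` and `$img` are derived lies above the hunk and is not visible here.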


@ -41,7 +41,7 @@
$body .= "Reason: $reason\n";
$body .= "Comment: $comment\n";
sendmail("cacert-abuse@lists.cacert.org,$email", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website");
sendmail("cacert-abuse@lists.cacert.org", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website");
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
@ -87,7 +87,7 @@ google_ad_channel = "";
<label for="sub">&nbsp;</label><input type="submit" name="process" value="Report Site"><br />
</form>
<? } else { ?>
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible. You will receive a confirmation of your report by email.</p>
<p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p>
<? } ?>
</div>
</div>
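Review bot: The new `sendmail(...)` call carries no comment explaining why the reporter is no longer copied, which makes it easy for a later edit to put `$email` back into the recipient list. Assuming `$email` is the address typed into the report form (its origin is above the hunk), a one-line comment above the call would record the intent: `// Send to the abuse list only; never use the submitted $email as a recipient`. The enclosing `if` block starts outside the hunk.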


@ -607,7 +607,7 @@ label {
label,input,select {
display: block;
width: 150px;
width: 250px;
float: left;
margin-bottom: 10px;
}


@ -1,7 +1,7 @@
<?
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
{
$output_file = $fname = "cacert-20060817.tar.bz2";
$output_file = $fname = "cacert-20061128.tar.bz2";
header('Pragma: public');