php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11839 hack? following is a discussion of the hack...... Is PHP the problem?????????
Submitted: 2001-07-02 12:13 UTC Modified: 2001-07-05 08:29 UTC
From: mlidd at jhu dot edu Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 4.0.6 OS: linux (redhat7.1)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mlidd at jhu dot edu
New email:
PHP Version: OS:

 

 [2001-07-02 12:13 UTC] mlidd at jhu dot edu
To: B?rd Farstad <bf@ez.no>
Subject: Re: FYI:more the funny problem

I use REDHAT 7.1 and whatever comes with it plus what needs to be loaded for eZPublish.

Everything works correctly on my test server: the browser (netscape 4.7+) displays the ad ok.  The client test machine in a win98 2nd ed with netscape and IE.  (I originally tested the client on the win machine so I could if IE displayed the site correctly.) Both browsers display the "problem" on the client machine.  So I don't think the problem on the client side.  It is not eZpublish.  So it has to be in the apache or the apache modules.  My guess is that it is in the PHP module. 

I tried one other case: I copied the print line in ezadlist and put it AFTER the ?> line WITHOUT the  print function name, the  (, ), and the ; .  The html was still commented out only on the remote browser.  I could have snooped (tcpdump on linux) the server output, but since I got in a  workaround, I figured I just wait until I had time to look into the PHP code.

Since you've been so helpfull :) I thought I'd let you know about the "joke" so you weren't caught unaware..

I am forwarding this mail exchange to the PHP group.  OK?

Mark




To: B?rd Farstad <bf@ez.no>
Subject: Re: FYI:more the funny problem

Ah now you ARE getting it.  ezad doesn't do it, the php apache module does it.

any html tag "<something ... /something>" with the /ad/ string gets commented out (<--! before  and !--> after) that gets sent to a remote client.

As I said if you changed the adlist to:
print  "<a target=\"_blank\" href=\"/";
print "a";
print "d";
print ("goto/$adID/\"><img src=\"$imgSRC\" width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" );

it still wouldn't work so it MUST be done in the PHP module.

using 
print( "<a target=\"_blank\" href=\"/add/goto/$adID/\"><img src=\"$imgSRC\" width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" );

works fine as long as you do a softlink from /ezad to /ezadd. (notice I changed the /ad/ to /add/)

great huh, 

watch out for it.  Again I noticed this in php 4.0.6  I didn't test a remote client when I used php 4.0.5


At 04:27 PM 7/2/01 +0200, you wrote:
Hi Mark,

I don't understand how the eZ ad module can do this.. All it does is print a 
link with image like this:

print( "<a target=\"_blank\" href=\"/ad/goto/$adID/\"><img src=\"$imgSRC\" 
width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" 
);

Have I misunderstood something?


-- 
B?rd Farstad
Systems developer
ez.no | developer.ez.no | zez.org


To: B?rd Farstad <bf@ez.no>
Subject: Re: FYI:more the the funny problem

mmmm.

On the server, when I use the netscape client to view the "page source",  I see the correct HTML for the banner ad.  On a client,  with netscape (or IE) when I view the SAME PAGE source, I see the HTML line for the banner ad commented out.

I ran the following test: When I output anything with the 4 character string /ad/ , the html gets commented out.  I tested this with print and echo.  I also used several print statements outputing a letter at a time. The result is the same: the html with /ad/ ONLY when going to the client on another computer is commented out.

This is using php 4.0.6  that I downloaded from www.php.net site from the download link
http://www.php.net/do_download.php?download_file=php-4.0.6.tar.gz&source_site=www.php.net

and compiled myself.  I gave up looking for the module, figuring that a later PHP version won't have it.  My workaround is to change the line in adlist.php from /ad/ to /add/ and to put a softlink from ezad to ezadd.

Pretty conclusive to me.  watch for it.  PHP 4.x has a single point that all the output goes through.  My guess is that the malicious code is there.  In my PHP 4.0.6 distribution anyway.

FYI
Mark


 At 09:10 AM 7/2/01 +0200, you wrote:
Hi,

not sure what problems you are having with the banner ads. They're not 
dependant on the host viewing the page. If you're using the current CVS then 
expect the code not to work (right now).


I've got a few things to fix in ezcalendargroup edit and then I'm done.  Everything is pretty slick.  I'll spend a day or so adding some content and should be on the net by wednesday at the earliest and monday at the latest.  After you get a chance to look at my site, I'll send you the code.


Mark




-- 
B?rd Farstad
Systems developer
ez.no | developer.ez.no | zez.org


On Saturday 30 June 2001 21:16, you wrote:
> Sorry if I thought it was "you"  I think it is somewhere in the PHP code (I
> use 4.0.6).
> I'll spend another hour or so on it today.  Pretty funny if you think about
> it.   A person gets their stuff working and then puts it on the net only to
> find out sometime later that the banner ads never got displayed elsewhere,
> only on their development machine.  I will find it.  I don't feel spending
> my processor $$ on searching for the banner string.
>
> The calendar code is coming along nicely.   I just fixing a few minor
> problems.  I intend to get restarted on getting the production machine on
> the network.
>
>
> I think the I don't if you guys put it in the code or not but there is a
> problem.   The work-around is pretty simple.
>
> It seems that the html is post-processed somewhere looking for the banner
> code.  When the client is on another computer the banner code is commented
> out.  So the user doesn't see the banner ad.  First I thought the print
> function was redefined, but that's not it.
>
> Is this something you guys did as a hack?
>
>
> Mark

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-07-02 12:39 UTC] derick@php.net
Can you please summarize this?

Derick
 [2001-07-05 08:29 UTC] derick@php.net
It was a problem with Norton programs.
Bogusifying

Derick
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 17:01:29 2024 UTC