Cracker Tracker FAQ admin_faq_editor worm exploit

Support for IntegraMOD 141


PostAuthor: cutegothpirate » Mon Jun 11, 2007 2:09 pm

I'm sorry for posting a new post, but I wanted the post to be found easily with the words I used in the topic.
I searched the forums, the KB, the bug fixes, the archives, and everything I could on this site for about an hour, and still have not solved my problem.
I ran debug mode on cracker tracker and did the fix, but it still does not work.
I made an extra faq for my site for my users.
I cannot add questions and answers without CT going nuts.
I did this
Code:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /admin/admin_faq_editor.php
----------------
  Request-Method: POST
  Matching rule: and
  In variable:   answer
  Matching rule: into
  In variable:   answer

Possible solution:
------------------
  #
#-----[ OPEN ]------------------------------------------
#
/admin/admin_faq_editor.php
  #
#-----[ FIND ]------------------------------------------
#
require('./pagestart.' . $phpEx);
  #
#-----[ AFTER, ADD ]------------------------------------------
#
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('answer');
  #
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


I did this the first time, and I was able to add another 2 questions and answers, then it started not letting me enter even a question.

I tried the fix of entering the question in there too like
Code:
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('answer','question');


And that didn't work, so I just went back to the
Code:
define('CT_SECLEVEL', 'MEDIUM');
$ct_ignorepvar = array('answer');


So, it still won't let me enter questions and answers without stopping me.
Please give me a fix, and add it to the fixes of the next debugger.
Thank you!

Re: Cracker Tracker FAQ admin_faq_editor worm exploit

PostAuthor: CaNNon » Mon Jun 11, 2007 4:31 pm

Did you use the patch first? I gave it a bump, getting too far to go look for it.

http://www.integramod.com/forum/viewtopic.php?t=2830
Use the patch first... you will find life easier.
If it doesn't fix it, then set the level from medium to low.

Code:
define('CT_SECLEVEL', 'LOW');
$ct_ignorepvar = array('answer');

Re: Cracker Tracker FAQ admin_faq_editor worm exploit

PostAuthor: cutegothpirate » Tue Jun 12, 2007 8:53 am

I'm so sorry! I forgot to include that I did all that too!
I installed the patch, the thing worked again for 2 questions, then blocked me again.
Then I tried setting it to low, and it still blocked me. I don't know why this thing hates me so much, I just want an faq!

Re: Cracker Tracker FAQ admin_faq_editor worm exploit

PostAuthor: CaNNon » Tue Jun 12, 2007 5:27 pm

Matching rule: and
<--- did you add this or was it like that?

Also when making the faq check to see if the "and" word is used in your text when CT goes off.

Re: Cracker Tracker FAQ admin_faq_editor worm exploit

PostAuthor: cutegothpirate » Wed Jun 13, 2007 12:49 pm

It was like that.
But I don't know what it means.

What I entered was this:
If I can buy admin, can't just anyone buy admin?

And then CT went off.

Re: Cracker Tracker FAQ admin_faq_editor worm exploit

PostAuthor: Teelk » Wed Jun 13, 2007 9:06 pm

Could be that the debugger is getting its info wrong and that another file that is being included from admin_faq_editor.php is responsible for the false positive. You can try opening the ct_security.php file in the ctracker/engines directory and adding it to the large list of ignores. I believe that's where the file is; I've been away a while and I'm not on my home computer at the moment. But it is in the ctracker directory somewhere.

Re: Cracker Tracker FAQ admin_faq_editor worm exploit

PostAuthor: cutegothpirate » Fri Jun 29, 2007 1:32 pm

I have to bump this because even though Teelk replied, I still have no idea what he meant.
I have however figured out that CT doesn't prevent me from adding to the faq if I don't make the question as long as it was.

If I enter
If I can buy admin, can't just anyone buy admin?
It stops me.
However if I enter
Can just anyone buy admin?
It doesn't.

So, it must be the length of the question. Therefore until anyone comes up with a fix and any other people run into this problem, try shortening your question.
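The debug output in this thread reports keyword rules ("and", "into") matching inside a free-text POST variable, with a per-script ignore list as the suggested fix. The following is an added example, not part of the original thread and not CrackerTracker's code: a simplified model of such a filter that lists every (variable, rule) hit, which is what tells you which variable actually needs exempting. The function name scan_post(), the matching logic and the sample text are assumptions; only the rule words and the variable names come from the posts above.

```php
<?php
// Simplified model of a keyword-based request filter.
// NOT CrackerTracker's implementation: scan_post() and its matching
// logic are assumptions made for illustration.

function scan_post(array $post, array $rules, array $ignore, bool $wholeWords): array
{
    $hits = [];
    foreach ($post as $name => $value) {
        if (in_array($name, $ignore, true) || !is_string($value)) {
            continue; // exempted variable, or not free text
        }
        foreach ($rules as $rule) {
            $pattern = $wholeWords
                ? '/\b' . preg_quote($rule, '/') . '\b/i'
                : '/' . preg_quote($rule, '/') . '/i';
            if (preg_match($pattern, $value)) {
                $hits[] = "$name: $rule";
            }
        }
    }
    return $hits;
}

// The two rule words shown in the debug output.
$rules = ['and', 'into'];

// Constructed sample submission (not text from the thread).
$post = [
    'question' => 'How do I get my avatar into my profile?',
    'answer'   => 'Open your profile and upload a picture.',
];

// 1. No exemptions: ordinary prose in both fields trips a rule.
print_r(scan_post($post, $rules, [], false));

// 2. Only 'answer' exempted: 'question' is still scanned and still trips.
print_r(scan_post($post, $rules, ['answer'], false));

// 3. Substring matching flags "Handle" because it contains "and".
print_r(scan_post(['answer' => 'Handle with care.'], $rules, [], false));

// 4. Whole-word matching clears "Handle" but not a genuine "and",
//    so free-text fields still need a per-variable exemption.
print_r(scan_post(['answer' => 'Handle with care.'], $rules, [], true));
print_r(scan_post(['answer' => 'Care and patience.'], $rules, [], true));
```

In this model the per-variable hit list plays the role of the debug output: re-running it after each change shows whether the block moved to a different variable or rule.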
