bueno a ver si esto te sirve, primero de nada haz una copia de seguridad del archivo
mainfile.php de tu phpnuke, luego abres dicho archivo y buscas esto:
Código:
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you
attempted to use are not allowed</b><br><br>[ <a
href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you
attempted to use are not allowed</b><br><br>[ <a
href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
y lo borras, despues buscas esto:
Código:
function is_admin($admin) {
global $prefix, $db;
static $adminSave;
if (isset($adminSave)) return ($adminSave); //steve
if(!is_array($admin)) {
$admin = base64_decode($admin);
$admin = explode(":", $admin);
}
$aid = $admin[0];
$pwd = $admin[1];
if ($aid != "" AND $pwd != "") {
$aid = trim($aid);
$sql = "SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row['pwd'];
if ($pass == $pwd && $pass != "") {
return $adminSave = 1;
}
}
return $adminSave = 0;
}
y debajo añades esto:
Código:
if (!is_admin($admin)) {
foreach ($_GET as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you
attempted to use are not allowed</b><br><br>[ <a
href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue))) {
die ("<center><img src=images/logo.gif><br><br><b>The html tags you
attempted to use are not allowed</b><br><br>[ <a
href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
}
lo guardas y lo subes a tu servidor y listo, con esto se deberia soluccionar tu problema, un saludo