

sphider-plus -> favorites search spam

Posted by Ranbir 
November 28, 2008 11:22AM
It is possible to exploit the "Most popular searches: " displayed by searching repeatedly for some unrelated (and possibly offending) text.

How to exclude certain words from being used in a search, and from being added into sphider-plus "Most popular searches"?
Re: sphider-plus -> favorites search spam
November 28, 2008 07:03PM
Hello Ranbir,

Your issue 1
Sorry, but I don't understand your question quite well. Perhaps an example could bring me up.

Your issue 2
In .../include/commonfuncs.php search for:

  $input = eregi_replace("SQL|SYSTEM|TRUNCATE|UNION|UPDATE|DUMP","",$input);

This is one of 3 rows that are used to prevent SQL-injections, XSS-attacks and Shell-executes.
In other words if the query holds one of these words, they will be killed. Even if they are only part of a query and independent of upper and lower case characters. There you will find your solution. Just create another row with your additional restrictions and place it beyond the others.
$input = eregi_replace("porno|sex|adult","",$input);

Another example deleting not only the 'stop words' but the complete query:
if (preg_match("/porno|sex|adult/i",$input)) {
    $input = '';
}

Happy coding
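
Added example, not from the reply or from sphider-plus: the patterns above match substrings, so harmless queries that merely contain a listed word are hit too; this version matches blocklist entries as whole words only and rejects the whole query, using preg_* because the ereg functions were removed in PHP 7. The function names, word list and sample queries are constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, constructed word list and queries.

/**
 * Build one case-insensitive, whole-word pattern from a blocklist.
 * preg_quote() keeps list entries from being read as regex syntax.
 */
function build_block_pattern(array $words): ?string
{
    $words = array_filter(array_map('trim', $words), 'strlen');
    if (!$words) {
        return null; // empty list: nothing is blocked
    }
    $alts = array_map(function ($w) {
        return preg_quote($w, '/');
    }, $words);
    // Lookarounds on letters/digits act as Unicode-aware word boundaries.
    return '/(?<![\p{L}\p{N}])(?:' . implode('|', $alts) . ')(?![\p{L}\p{N}])/iu';
}

/** True when the query may be searched and counted as a popular search. */
function query_allowed(string $query, ?string $pattern): bool
{
    if ($pattern === null) {
        return true;
    }
    // preg_match() returns false on error (e.g. invalid UTF-8 under /u).
    // Only an explicit "no match" (0) lets the query through: fail closed.
    return preg_match($pattern, $query) === 0;
}

$pattern = build_block_pattern(['porno', 'sex', 'adult']);

// Constructed queries: compare the substring pattern with whole-word matching.
// Plural or inflected forms ("adults") pass unless they are listed themselves.
$samples = ['Essex hotels', 'SEX shop', 'adult education', 'adults only'];
foreach ($samples as $q) {
    $substring = preg_match('/porno|sex|adult/i', $q) ? 'blocked' : 'allowed';
    $wholeWord = query_allowed($q, $pattern) ? 'allowed' : 'blocked';
    printf("%-16s substring: %-8s whole-word: %s\n", $q, $substring, $wholeWord);
}

// Malformed UTF-8 (constructed bytes) is rejected rather than waved through.
var_dump(query_allowed("bad \xC3\x28 bytes", $pattern));
```

Call `query_allowed()` before both running the search and recording the query, so a rejected query never reaches the "Most popular searches" list.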