|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 322 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
 Security patch for PHP-Nuke 7.0 and 7.1 designed to secure the Reviews, Search, Sections and Surveys modules against a vulnerability being exploited in the same fashion the Downloads and Web_Links modules were compromised a while back. In the case of the Reviews module you can help secure it by following a tip by Raven, find 2 instances of where id=$id and change to where id = '$id'
Downloads: PHP-Nuke 6.5 - 6.9 - PHP-Nuke 7.0 - PHP-Nuke 7.1
Admin Note: The index.php file was already patched in the Nuke Cops CVS PHP-Nuke Bundle last year: here. Those running this release are OK.
|
|
Posted on Thursday, February 05 @ 00:54:20 CET by [RETIRED]chatserv |
|
|
|
|
| |
|
Average Score: 5
Votes: 3
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Sec-Fix Patch SFP (Score: 1)
by foxyfemfem on Thursday, February 05 @ 10:17:55 CET
(User Info | Send a Message) | Hello CS,
Is there a changelog file for the SF? My website is GT and I can't afford to copy over the files without losing the GT stuff. Can you add a changelog so I can manually apply the fixes? |
Re: Sec-Fix Patch SFP (Score: 1)
by chatserv on Thursday, February 05 @ 10:54:19 CET
(User Info | Send a Message) http://nukeresources.com | I haven't made one but there are at least two things you can do to protect the site, not sure if they'll post correctly here but here goes anyway:
Near the top of header.php insert:
if (stristr($_SERVER["QUERY_STRING"],'%20union%20')) {
echo "die";
exit;
}
Near the top of Reviews/index.php insert:
if (isset($id)) {
$id = intval($id);
} |
]
Re: Sec-Fix Patch SFP (Score: 1)
by kipuka on Thursday, February 05 @ 13:03:54 CET
(User Info | Send a Message) | If you are on windows, there are some pretty decent file comparison tools out there. One is ExamDiff which is a freeware to do comparisons across two files. http://www.prestosoft.com/ps.asp?page=edp_examdiff Their paid version allows you to do it across multiple directories. I haven't found a freeware capable of doing the latter.
If you are on Linux, you can use the diff command to get the differences.
chatserv: Your suggestion to add to header can be bypassed. |
]
Re: Sec-Fix Patch SFP (Score: 1)
by chatserv on Thursday, February 05 @ 13:23:01 CET
(User Info | Send a Message) http://nukeresources.com | | The suggested code for the reviews module cannot be bypassed, nothing but numbers will pass through $id, the other code can be bypassed but only by changing the format of the attack used, as is it will block the attack as reported, if the line used in the attack changes of course the code will fail, now this is a perfect time to clear something up, the lines of code posted above are not what make up the sec-fix patch but a temp workaround for foxy. As you suggest there are some nice Win based diff programs, i for one use Beyond Compare, using one of said programs a user with fair knowledge can modify the files without any problems. |
]
| | | | |
Re: Sec-Fix Patch SFP (Score: 1)
by Johan1982 on Thursday, February 05 @ 12:55:08 CET
(User Info | Send a Message) | | Nuke 6.0 also has those vulnerabilities? |
Re: Sec-Fix Patch SFP (Score: 1)
by IACOJ on Thursday, February 05 @ 15:59:15 CET
(User Info | Send a Message) | Hi Johan1982
Yes 6.0 will more then likely (99.999% sure) have the same vulnerability. I'm afraid I don't have a working copy of 6.0 to test it on. |
]
Re: Sec-Fix Patch SFP (Score: 1)
by Johan1982 on Thursday, February 05 @ 16:26:06 CET
(User Info | Send a Message) | Thanks for the answer, then my doubt is because I do not see patches for Nuke 6.0, I do not know if the patches that chatserv did recently solve those
bugs in Nuke 6.0 |
]
| | | | |
Re: Sec-Fix Patch SFP (Score: 1)
by Zhen-Xjell on Thursday, February 05 @ 14:51:08 CET
(User Info | Send a Message) http://castlecops.com | | I suggest that this code, which is similar to the one I wrote for admin.php exploit, be placed into the mainfile.php. If you notice in most modules mainfile.php is typically called before header.php. Why let Apache process more pages than its worth if its a hack? Let mainfile.php stop it quicker. Saves on performance for high volume sites. |
Re: Sec-Fix Patch SFP (Score: 1)
by chatserv on Thursday, February 05 @ 15:31:38 CET
(User Info | Send a Message) http://nukeresources.com | | Like i mentioned before i only posted the above code as a workaround, the patch was released in kind of a hurry so i had no chance to make a diff file that would allow for manual modification of the files, as mentioned throughout the forums the code in question can be by-passed, it is best to secure the variables, hence why it's only a temp workaround, the patch on the other hand does secure the variables. I'll try to make the diff file shortly but at the moment i'm a bit tied up in terms of time. |
]
| | | | | |
