NukeCops  
Latest SQL Injection Feedback.
PHP-Nuke: Jeruvy writes "Janek Vind has posted his latest PHP-Nuke exploit, entitled:
waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2. After reviewing this exploit against phpnuke 6.8, 6.9, and 7.0, all patched with previously available patches, we discovered this bypass doesn't work. We did confirm unpatched phpnuke versions are affected.

You may review Janek's article on BUGTRAQ, either by a web reflector or usenet or the mailing list itself. Once again, the key to this bypass working is this section of code, from admin.php line 16:
if (preg_match("/\?admin/", "$checkurl")) { echo "die"; exit; }
If you have changed this code to:
if ((!(strpos("$checkmyurl", "?admin=") === FALSE)) || (!(strpos("$checkmyurl", "&admin=") === FALSE))) { echo "die - email Jeruvy for details"; exit; }
Then the whole thing fails. The entire discussion of this code is reviewable right here on nukecops.com so you can see for yourself that this is neither new nor a problem for those who apply the patches. So if you start seeing:
http://localhost/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
In your server logs you can thank Janek.
One thing worth noting is the base64 encoded UNION, which nicely obfuscates it.

J.
j e r u v y a t y a h o o d o t c o m "
Posted on Wednesday, April 14 @ 17:39:01 CEST by Zhen-Xjell
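
A log-review sketch for the request pattern described in the post above, added here as an example (it is not part of the original post or of PHP-Nuke): it flags admin.php requests that carry an admin parameter in the query string, whether it follows ? or &, and base64-decodes the value to expose SQL keywords. The Common Log Format, the constructed sample lines and the function names are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (Common Log Format assumed); line 2 reuses the URL quoted in the post.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2004:17:02:11 +0200] "GET /nuke71/admin.php?op=adminMain HTTP/1.1" 200 5120
192.0.2.77 - - [14/Apr/2004:17:05:43 +0200] "GET /nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox HTTP/1.1" 200 312
192.0.2.31 - - [14/Apr/2004:17:09:20 +0200] "GET /nuke71/admin.php?admin=not-base64! HTTP/1.1" 200 88
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_RE = re.compile(r"\b(?:union|select|insert|update|delete)\b|/\*|--", re.I)

def decode_admin(value):
    """Base64-decode an 'admin' value; return None when it is not valid base64."""
    value = value.replace(" ", "+")  # parse_qs turns '+' into a space
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None

def scan(log_text):
    """Return one finding per 'admin' query parameter sent to admin.php."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/admin.php"):
            continue
        # parse_qs finds the parameter whether it follows '?' or '&'.
        for value in parse_qs(url.query, keep_blank_values=True).get("admin", []):
            decoded = decode_admin(value)
            findings.append({"client": client, "decoded": decoded,
                             "sql_like": bool(decoded and SQL_RE.search(decoded))})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding is worth a look, since the admin value belongs in a cookie rather than the URL; a finding with sql_like set shows the decoded UNION that the base64 encoding hides from a plain-text search of the log.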
 
Re: Latest SQL Injection Feedback. (Score: 1)
by gnaunited on Wednesday, April 14 @ 23:02:46 CEST
http://www.gnaunited.com
Do you want a simple fix? Use:
$admin = $_COOKIE["admin"];



Re: Latest SQL Injection Feedback. (Score: 1)
by bohrme on Friday, April 16 @ 00:49:53 CEST
http://www.eSnider.net
How can 6.9 be safeguarded against this kind of attack? Are there patches and if so where are they? URL please.



Re: Latest SQL Injection Feedback. (Score: 1)
by Jeruvy on Friday, April 23 @ 12:28:37 CEST
Keep in mind that, with the currently available patches, this exploit did not affect 6.8, 6.9 and 7.0.

However, out of the box these versions are vulnerable.



Re: Latest SQL Injection Feedback. (Score: 1)
by waraxe on Friday, April 23 @ 14:51:33 CEST
Filtering works effectively only if GET, POST and COOKIE are filtered, not only some of them. And anyway, this is just a preventive method. PhpNuke author - Francisco Burzi - has just written code with FUNCTIONALITY in mind, not security...
You can add new filters, protectors and other stuff EVERY DAY, but this is not normal - nuke engine must be rewritten from scratch.

