You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 308 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Important: XSS Security Fix
SecurityEvaders99 writes "A critical XSS security issue has been found for all phpNuke less than 7.9 (7.9's filtering scheme seems to be immune). Apply the latest changes to mainfile.php (Select Diff to previous 1.10). All the Nuke Patched Core packages for phpNuke 7.6, 7.7, 7.8 have been updated to include this fix.

This applies the same to the Patched files. Other packages may require other code changes."
Posted on Wednesday, September 28 @ 17:11:25 CEST by VinDSL
 
Related Links
· Computer Cops
· More about Security
· News by VinDSL


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 5
Votes: 2


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Important: XSS Security Fix (Score: 1)
by Xyberian (fake@earth.unverse) on Wednesday, September 28 @ 17:34:43 CEST
(User Info | Send a Message) http://www.nukekorea.net
Great appreciation, Evaders99.



Re: Important: XSS Security Fix (Score: 1)
by edogs on Thursday, September 29 @ 16:39:16 CEST
(User Info | Send a Message) http://www.dogsempire.com
Hell, Guys
We can't find there
http://evaders.swrebellion.com/modules.php?name=NukeWrap&page=cvsrepos/mainfile.php?only_with_tag=phpNuke76

echo _ERRORINVEMAIL;

and other lines in our php-nuke 7.6 mainfile.php

Could someone explain that we are talking about?



Re: Important: XSS Security Fix (Score: 1)
by Yoda99 on Saturday, October 01 @ 02:53:08 CEST
(User Info | Send a Message)
I am running 7.5 is there a fix available for this version or is there no security issue there?



Re: Important: XSS Security Fix (Score: 1)
by Evaders99 on Saturday, October 01 @ 21:17:08 CEST
(User Info | Send a Message) http://www.swrebellion.com
I'm awaiting chatserv to fix it in the Patched files packages.

My Nuke Patched Core will be updated for a 7.5 release ASAP


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.153 Seconds - 239 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::