NukeCops  
Security Hole!!
SecurityBobMarion writes "Anyone using PHP-Nuke's Downloads module should deactivate it and patch it! The patch is simple, open modules/Downloads/index.php in a text editor and find function viewdownload and place $cid = intval($cid); right after the global line. There is a new attack that will list your site's admin account with aid's and passwords if you do not use this patch.

You need to do the same thing in the function viewlink in modules/Web_Links/index.php. This is a quick fix and I'm sure a better fix can be made but this cures the problem for now.

Admin Note: Hi'ya and thanks for sharing. I like to bring this back to the public's attention to ensure this does not go untouched. For complete and enhanced details about the download patch read the original Nuke Cops publication here. Patch away!"
Posted on Sunday, October 12 @ 18:58:38 CEST by Zhen-Xjell
 

Re: Security Hole!! (Score: 1)
by wizkid on Sunday, October 12 @ 18:59:40 CEST
A much quicker and cleaner approach to securing these problem files would be to implement code JUST BEFORE the switch functions (or near the top of each module) to do the same but GLOBALLY for all variables.

Example: (in Web_Links/index.php)
if (isset($ratinglid) && isset($ratinguser) && isset($rating)) {
    $ret = addrating($ratinglid, $ratinguser, $rating, $ratinghost_name, $ratingcomments);
}

// Secure the module
$lid = intval($lid);
$cid = intval($cid);
/*
... rest of variable cleanup ... Since you know here before you call any functions you clean up all variables. EVERY module should have such code, or create a better way to pass variables to each module.
*/

switch($l_op) {

    case "menu":
        menu($mainlink);
        break;

    case "AddLink":




Re: Security Hole!! (Score: 1)
by chatserv on Monday, October 13 @ 00:06:52 CEST
http://nukeresources.com
A few things about the suggested fixes: first, $cid and/or $lid should not be the only variables secured. If as a script kiddie you block me from inserting code through $cid, I'll just use $cid2, $cid3 or some other. Aside from that, using trim($somevariable) will stop the code from passing through other variables by stripping blank spaces, which were being used in some of the injection attempts. Both these checks, along with some others, must be performed before attempting to find if rating, ratinglid and ratinguser are set, because an SQL injection through $rating (for example) could be seen as $rating being set, which is half true: there's something there but it's not what we expected, hence the need to check first.
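
The cleanup discussed in the story and both comments, as an added example that is not PHP-Nuke code and not from any of the posters: every request variable is normalised once, before any isset() check or switch dispatch, with intval() for ID-style names (including numbered variants such as cid2) and trim() for the rest. It is written for current PHP; the function name, the name pattern, the assumption that rating is integer-only, and the query text are all hypothetical.

```php
<?php
// Added example, not PHP-Nuke code. Assumption: these parameter names
// (optionally followed by digits, e.g. cid2, cid3) only ever carry integers.
const INT_PARAM_PATTERN = '/^(cid|lid|ratinglid|rating)\d*$/';

/**
 * Return a cleaned copy of the request array (hypothetical helper).
 * Integer-only names are forced through intval(); anything else that is
 * scalar is trimmed; non-scalar values (cid[]=...) are never passed on.
 */
function clean_module_input(array $input): array
{
    $clean = [];
    foreach ($input as $name => $value) {
        if (preg_match(INT_PARAM_PATTERN, (string) $name)) {
            // intval() on a non-empty array returns 1, so map arrays to 0.
            $clean[$name] = is_scalar($value) ? intval($value) : 0;
        } elseif (is_scalar($value)) {
            $clean[$name] = trim((string) $value);
        }
    }
    return $clean;
}

// Constructed request, in the shape it would arrive in $_GET.
$request = [
    'l_op'       => ' viewlink ',
    'cid'        => '7 OR 1=1',   // extra SQL appended to a numeric ID
    'cid2'       => "3\t",        // numbered variant with trailing whitespace
    'lid'        => ['x'],        // array where a scalar is expected
    'ratinguser' => '  someone ',
];

// Clean first, then test isset() and dispatch on the cleaned values only.
$clean = clean_module_input($request);

// Placeholder query text for illustration; not the module's real SQL.
$template = 'SELECT title FROM example_links WHERE cid=';
echo $template . $request['cid'], PHP_EOL; // raw value changes the WHERE clause
echo $template . $clean['cid'], PHP_EOL;   // cast value is a bare integer

var_export($clean);
echo PHP_EOL;
```

Casting covers values interpolated as numbers; string values that reach a query still need escaping or bound parameters in addition to trim().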

