PHP-Nuke Script Insertion Vulnerabilities Date: Wednesday, March 24 @ 15:20:43 CET Topic: Security Janek Vind "waraxe" has reported some vulnerabilities in PHP-Nuke, allowing malicious people to conduct script insertion attacks. The problem is that certain parameters such as the "img" tags allow URLs to be specified. These URLs can contain references to administrative functions, which will be executed when an administrative user reads a forum posting or an u2u message with a malicious "img" tag. An example has been published, which will add a new administrative user. The vulnerabilities have been reported in version 7.10 and prior. Solution: A possible workaround is to change the URL for administrative functions to contain a secret and random path. Note this is imperfect and may be revealed using a similar technique. Edit the source code to disallow the use of the "img" tag. Use another product. http://secunia.com/advisories/11195/ Discovered a while ago and has been fixed by both Zhen and a forum member. This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=1806