Nuke Cops :: View topic - This new security hole...
foxyfemfem
Support Staff
Joined: Jan 23, 2003
Posts: 668
Location: USA
Posted: Sat Jun 05, 2004 5:15 am

VinDSL wrote:
Once again, this is a server administration issue.
I'm on a shared server, my hosting company offers phpnuke via cpanel (meaning a lot of their clients utilize phpnuke) and of course I added a link at their forums to nukecops.com for users to come here if they need assistance with phpnuke. Should I ask them if this exploit is a threat to us (those on shared servers)?

_________________
If you shoot for the moon and miss, you'll still be amongst the stars.

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 7:10 am

Try this as a proof of concept.

http://www.example.com/modules/News/categories.php/modules.php

change example to your domain..

foxyfemfem
Support Staff
Joined: Jan 23, 2003
Posts: 668
Location: USA
Posted: Sat Jun 05, 2004 7:26 am

@Tank863
I tried that concept at my website with and without judas' fix suggestion. This is what I received:
Code:
Warning: main(mainfile.php): failed to open stream: No such file or directory in /home/xxx/public_html/modules/News/categories.php on line 23

Fatal error: main(): Failed opening required 'mainfile.php' (include_path='.:/COMPLETE PATH') in /home/xxx/public_html/modules/News/categories.php on line 23
Um, should I panic now? <standing next to panic button> Confused

_________________
If you shoot for the moon and miss, you'll still be amongst the stars.

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 7:35 am

That is exactly what I received...

I'm not a coding expert... but I am working on trying what waraxe suggested...

http://www.waraxe.us/forum/viewtopic.php?t=96

hopefully someone can come up with a good fix...

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 8:19 am

Foxy..

this is what phpBB does..

in their stand alone phpbb

in the common.php they have

Code:

if ( !defined('IN_PHPBB') )
{
   die("Hacking attempt");
}


in the index.php and all other *.php files they have
Code:

define('IN_PHPBB', true);



So what I am suggesting... from waraxe's suggestion...

is something like this in the mainfile.php

Code:


if ( !defined('IN_NUKE') )
{
   die("Hacking attempt");
}


In all other files... ??

Code:

define('IN_NUKE', true);


I am going to test this out and post results...

Tank863

VinDSL
Site Admin
Joined: Jul 08, 2003
Posts: 1193
Location: Arizona (USA) Site Admin: Lenon.com Admin: Disipal Designs
Posted: Sat Jun 05, 2004 8:29 am

Tank863 wrote:
Try this as a proof of concept.

http://www.example.com/modules/News/categories.php/modules.php

change example to your domain..

Alrighty then... this 'new, new security hole' is quite a different matter!

http://www.waraxe.us/forum/viewtopic.php?t=96

Your proof of concept example reveals full path info which makes it much easier to hack a site than having to work in the blind. This is NOT a good thing! It makes the perp's job a lot easier.

Time to put the 'thinking caps' on... Wink

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: VinDSL's Lenon.com | The Disipal Site ::.

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 9:19 am

Not working... as I hoped Sad

foxyfemfem
Support Staff
Joined: Jan 23, 2003
Posts: 668
Location: USA
Posted: Sat Jun 05, 2004 9:35 am

Okay, it's time for me to sound the alarm <panic attack> Shocked .. Now where are all those security coders? Is there a security script available that will stop this? How about a temp .htaccess file to deny access until a fix is produced? Or a small snippet in mainfile.php?

_________________
If you shoot for the moon and miss, you'll still be amongst the stars.

Last edited by foxyfemfem on Sat Jun 05, 2004 9:38 am; edited 1 time in total

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 9:37 am

Maybe... I didn't look at the phpbb files long enough.. they may include other lines that I need to add in for protection..

like a file called extension.inc and have a particular file call on this extension.inc... hmm

again.. I am not a hard core coder.. I am learning as I go along...

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 9:42 am

I wouldn't sound the alarm quite yet..

http://ravenphpscripts.com/postp12835.html#12835

foxyfemfem
Support Staff
Joined: Jan 23, 2003
Posts: 668
Location: USA
Posted: Sat Jun 05, 2004 9:47 am

How about someone produce a script like this...

nukeauth.php - This script is placed at the top of every page you want to protect. It checks the user's ID and session details against the database and if the details don't match a current valid session, the browser is redirected to access denied page or something similar.

_________________
If you shoot for the moon and miss, you'll still be amongst the stars.

foxyfemfem
Support Staff
Joined: Jan 23, 2003
Posts: 668
Location: USA
Posted: Sat Jun 05, 2004 9:56 am

yipee woohoo, I can step away from the panic button. <blow Raven a kiss from across the river> .. Thanks sweetie, now I will patiently sit back and wait on you to turn that blank screen into a "get the devil land off my website" message Mr. Green

_________________
If you shoot for the moon and miss, you'll still be amongst the stars.

Tank863
Lieutenant
Joined: Feb 21, 2003
Posts: 195
Location: Philadelphia
Posted: Sat Jun 05, 2004 10:02 am

Also.. from madman and waraxe

http://www.waraxe.us/forum/viewtopic.php?t=100

Raptor1
Sergeant
Joined: Oct 06, 2003
Posts: 85
Location: Conway SC
Posted: Sat Jun 05, 2004 10:12 am

I'm not on a shared server so there's no need for me to worry?

_________________
Knowledge is not gained by just learning, but by teaching those that do not understand. Learning is something we all do without knowing, while gaining knowledge to understand. Wisdom is reserved for others, not you. Understand?

telli
Support Mod
Joined: Aug 21, 2003
Posts: 335
Posted: Sat Jun 05, 2004 10:35 am

Here is a fix for it. Thank Tank and waraxe for the idea.

Open your mainfile.php and right after the <?php place this:

Code:

//In Nuke Check by Telli http://codezwiz.com/
//Idea taken from Tank863 & Waraxe
define ('IN_NUKE',1);


Open your files that are in need of the patch (I believe the security focus has the list) and find this code:

Code:
if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {
    die ("You can't access this file directly...");
}


Under that place this:

Code:

//In Nuke Check by Telli http://codezwiz.com/
//Idea taken from Tank863 & Waraxe
if ( !defined('IN_NUKE') )
{
        die("Hacking attempt");
}


You will also need to make sure that there is an include of the mainfile.php; many add-ons do not have it, so it may have to be added. In that case just add this code:

Code:
require_once("mainfile.php");


Right after the new code you added so it will look like this:

Code:
//In Nuke Check by Telli http://codezwiz.com/
//Idea taken from Tank863 & Waraxe
if ( !defined('IN_NUKE') )
{
        die("Hacking attempt");
}
require_once("mainfile.php");


And it will block them.

http://www.codezwiz.com/modules/News/categories.php/modules.php

_________________
http://www.codezwiz.com

Last edited by telli on Sat Jun 05, 2004 11:02 am; edited 1 time in total
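
The fix above only helps once every affected file carries the guard, and carries it before mainfile.php is pulled in. The following audit script is an added example, not code from the thread or from PHP-Nuke: it models why the PHP_SELF test accepts a request with trailing path info and lists files that still need the patch. The tree layout (mainfile.php at the root, a modules/ directory), the modules/Sample file names and the bare $PHP_SELF spelling are assumptions.

```python
import re, tempfile
from pathlib import Path

# Legacy guard quoted in the thread: eregi("modules.php", $_SERVER['PHP_SELF'])
# (the bare $PHP_SELF spelling is matched too; that variant is an assumption).
LEGACY = re.compile(r"""eregi\s*\(\s*["']modules\.php["']\s*,\s*\$(?:_SERVER\[["']PHP_SELF["']\]|PHP_SELF)""")
GUARD = re.compile(r"""!\s*defined\s*\(\s*["']IN_NUKE["']\s*\)""")
DEFINE = re.compile(r"""define\s*\(\s*["']IN_NUKE["']""")
INCLUDE = re.compile(r"""(?:require|include)(?:_once)?\s*\(?\s*["']mainfile\.php["']""")

def legacy_check_passes(php_self):
    """Model of the eregi() test: unanchored, case-insensitive match."""
    return re.search(r"modules.php", php_self, re.I) is not None

def audit(root):
    """Map each file under root that still needs the IN_NUKE patch to a reason."""
    root, findings = Path(root), {}
    main = root / "mainfile.php"
    if not (main.is_file() and DEFINE.search(main.read_text(errors="replace"))):
        findings["mainfile.php"] = "IN_NUKE is never defined"
    for path in sorted((root / "modules").rglob("*.php")):
        src = path.read_text(errors="replace")
        guard, inc = GUARD.search(src), INCLUDE.search(src)
        rel = path.relative_to(root).as_posix()
        if guard is None and LEGACY.search(src):
            findings[rel] = "PHP_SELF check only"
        elif guard and inc and inc.start() < guard.start():
            findings[rel] = "mainfile.php included before the guard"
    return findings

def demo():
    """Audit a constructed four-file tree (sample data, not a real site)."""
    old = '<?php\nif (!eregi("modules.php", $_SERVER[\'PHP_SELF\'])) {\n    die ("...");\n}\n'
    guard = "if ( !defined('IN_NUKE') )\n{\n    die(\"Hacking attempt\");\n}\n"
    inc = 'require_once("mainfile.php");\n'
    tree = {
        "mainfile.php": "<?php\ndefine ('IN_NUKE',1);\n",
        "modules/News/categories.php": old + inc,         # unpatched
        "modules/Sample/patched.php": old + guard + inc,  # order used in the fix
        "modules/Sample/late_guard.php": old + inc + guard,  # guard placed too late
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in tree.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit(tmp)

if __name__ == "__main__":
    print(legacy_check_passes("/modules/News/categories.php/modules.php"), demo())
```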