NukeCops - Sec-Fix Patch SFP

You are missing our premiere tool bar navigation system! Register and use it for FREE!

Create an account

• Home • Downloads • Gallery • Your Account • Forums •

Readme First

- Readme First! -
Read and follow the rules, otherwise your posts will be closed

Modules

· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account

Who's Online

There are currently, 158 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

Bug Fix: Sec-Fix Patch SFP

Security patch for PHP-Nuke 7.0 and 7.1 designed to secure the Reviews, Search, Sections and Surveys modules against a vulnerability being exploited in the same fashion the Downloads and Web_Links modules were compromised a while back. In the case of the Reviews module you can help secure it by following a tip by Raven, find 2 instances of where id=$id and change to where id = '$id'

Downloads: PHP-Nuke 6.5 - 6.9 - PHP-Nuke 7.0 - PHP-Nuke 7.1

Admin Note: The index.php file was already patched in the Nuke Cops CVS PHP-Nuke Bundle last year: here. Those running this release are OK.

Posted on Thursday, February 05 @ 00:54:20 CET by [RETIRED]chatserv

Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating

Average Score: 5
Votes: 3

Options

Printer Friendly Page

Send to a Friend

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Sec-Fix Patch SFP (Score: 1)
by foxyfemfem on Thursday, February 05 @ 10:17:55 CET
(User Info | Send a Message)

Hello CS,

Is there a changelog file for the SF? My website is GT and I can't afford to copy over the files without losing the GT stuff. Can you add a changelog so I can manually apply the fixes?

Re: Sec-Fix Patch SFP by chatserv on Thursday, February 05 @ 10:54:19 CET
Re: Sec-Fix Patch SFP by kipuka on Thursday, February 05 @ 13:03:54 CET
- Re: Sec-Fix Patch SFP by chatserv on Thursday, February 05 @ 13:23:01 CET

Re: Sec-Fix Patch SFP (Score: 1)
by Johan1982 on Thursday, February 05 @ 12:55:08 CET
(User Info | Send a Message)

Nuke 6.0 also has those vulnerabilities?

Re: Sec-Fix Patch SFP by IACOJ on Thursday, February 05 @ 15:59:15 CET
- Re: Sec-Fix Patch SFP by Johan1982 on Thursday, February 05 @ 16:26:06 CET

Re: Sec-Fix Patch SFP (Score: 1)
by Zhen-Xjell on Thursday, February 05 @ 14:51:08 CET
(User Info | Send a Message) http://castlecops.com

I suggest that this code, which is similar to the one I wrote for admin.php exploit, be placed into the mainfile.php. If you notice in most modules mainfile.php is typically called before header.php. Why let Apache process more pages than its worth if its a hack? Let mainfile.php stop it quicker. Saves on performance for high volume sites.

Re: Sec-Fix Patch SFP by chatserv on Thursday, February 05 @ 15:31:38 CET
- Re: Sec-Fix Patch SFP by chatserv on Thursday, February 05 @ 15:45:21 CET

Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.083 Seconds - 806 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)

:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::