You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 209 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - pm.php direct access?!? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
R5-T2
Nuke Soldier
Nuke Soldier


Joined: Mar 17, 2009
Posts: 14


PostPosted: Thu Mar 26, 2009 12:53 pm Reply with quoteBack to top

I noticed every PM ever sent on our site is easily viewed by typing the pm.php directory location in a web browser. No registration is necessary.

Surely this is not supposed to work this way.
Find all posts by R5-T2View user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Thu Mar 26, 2009 7:34 pm Reply with quoteBack to top

What version are you using? No current phpNuke uses pm.php

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
R5-T2
Nuke Soldier
Nuke Soldier


Joined: Mar 17, 2009
Posts: 14


PostPosted: Thu Mar 26, 2009 9:05 pm Reply with quoteBack to top

7.8
Find all posts by R5-T2View user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Thu Mar 26, 2009 11:33 pm Reply with quoteBack to top

Have an example? I don't see this in my files anywhere

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
R5-T2
Nuke Soldier
Nuke Soldier


Joined: Mar 17, 2009
Posts: 14


PostPosted: Thu Mar 26, 2009 11:57 pm Reply with quoteBack to top

It was sitting in the /html directory.

Typing MYWEBSITE.com/pm.php would show the entire history.

I moved it. Everything still works.
Find all posts by R5-T2View user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Fri Mar 27, 2009 6:02 pm Reply with quoteBack to top

Good enough. This file isn't included anywhere in the phpNuke package Wink

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 355


PostPosted: Fri Mar 27, 2009 9:01 pm Reply with quoteBack to top

I would guess that a hacker has uploaded pm.php to your site. Similar things happened to me when I used SpChat. Certain modules can be abused to upload things.
Find all posts by SlackervaaraView user's profileSend private message
R5-T2
Nuke Soldier
Nuke Soldier


Joined: Mar 17, 2009
Posts: 14


PostPosted: Sat Mar 28, 2009 8:19 am Reply with quoteBack to top

Could be. One thing is certain. It was put there intentionally by someone.
Find all posts by R5-T2View user's profileSend private message
moshxsoft
Nuke Cadet
Nuke Cadet


Joined: Sep 03, 2008
Posts: 6


PostPosted: Wed Sep 16, 2009 7:02 am Reply with quoteBack to top

What version are you using?

_________________
http://tahdeth.blogspot.com/
Find all posts by moshxsoftView user's profileSend private messageVisit poster's website
kbgus
Premium
Premium


Joined: Jul 17, 2003
Posts: 49


PostPosted: Thu Sep 24, 2009 6:58 pm Reply with quoteBack to top

I know this is a little late, but for future reference:

Check with your web host - this looks like a server security issue. Also check your web logs.

_________________
Software is like sex: It's better when it's free. (Linus Torvalds)
http://nukeSEO.com - PHPNuke SEO Search Engine Optimization, professional tools for PHP-Nuke
Find all posts by kbgusView user's profileSend private messageVisit poster's website
Slackervaara
Captain
Captain


Joined: Sep 13, 2003
Posts: 355


PostPosted: Thu Sep 24, 2009 9:18 pm Reply with quoteBack to top

When you look in your accesslogs make a search in them for pm.php and you will maybe easy find how the hacker uploaded it.
Find all posts by SlackervaaraView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.250 Seconds - 128 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::