Security: PHP-Nuke "lang" Local File Inclusion Vul

 
Evaders99



Posted: Mon Mar 12, 2007 11:57 pm

In response to this:
http://secunia.com/advisories/24484/

I am posting my own analysis here:

This was already fixed in Patched files 7.8 and lower. RavenNuke is fine.

Patched 7.9 and 8.0 may be vulnerable and I will report this to chatserv.

Solution: Upgrade to the latest Patched / Don't use 7.9 or 8.0
_________________
Evaders99
SW:Rebellion Fans! Webmaster
Star Wars roleplaying community! Administrator

Fighting is terrible, but not as terrible as losing the will to fight.
- SW:Rebellion Network - Evaders Squadron Coding -

The cake is a lie.
Evaders99



Posted: Fri Jun 19, 2009 12:24 am

In response to one posted 5/14/2009
http://gsasec.blogspot.com/2009/05/php-nuke-v80-directory-traversal_14.html

This does not seem to be an issue, rather a duplicate.

I am posting an addendum, since these don't seem to be in the 7.9/8.0/8.1 Patched files. All other Patched versions / RavenNuke are fine.

For those using 7.9 or 8.0 Patched 3.5
Code:

in mainfile.php

FIND


   } elseif (isset($lang)) {
      $lang = filter($lang, "nohtml");

REPLACE WITH

   } elseif ((isset($lang)) AND (!stristr($lang,"."))) {
      $lang = filter($lang, "nohtml");



For those using 8.1 (Patched or original, as patched does not modify mainfile.php)

Code:

in mainfile.php

FIND


if (!defined('FORUM_ADMIN')) {
    if ((isset($newlang)) AND (stristr($newlang,"."))) {
      if (file_exists("language/lang-".$newlang.".php")) {
         setcookie("lang",$newlang,time()+31536000);
         include_once("language/lang-".$newlang.".php");
         $currentlang = $newlang;
      } else {
         setcookie("lang",$language,time()+31536000);
         include_once("language/lang-".$language.".php");
         $currentlang = $language;
      }
   } elseif (isset($lang)) {
      include_once("language/lang-".$lang.".php");
      $currentlang = $lang;
   } else {
      setcookie("lang",$language,time()+31536000);
      include_once("language/lang-".$language.".php");
      $currentlang = $language;
   }
}

REPLACE WITH


if (!defined('FORUM_ADMIN')) {
    if ((isset($newlang)) AND (!stristr($newlang,"."))) { // negated here: a $newlang containing "." must be rejected, as for $lang below
      $newlang = filter($newlang, "nohtml");
      if (file_exists("language/lang-".$newlang.".php")) {
         setcookie("lang",$newlang,time()+31536000);
         include_once("language/lang-".$newlang.".php");
         $currentlang = $newlang;
      } else {
         setcookie("lang",$language,time()+31536000);
         include_once("language/lang-".$language.".php");
         $currentlang = $language;
      }
   } elseif ((isset($lang)) AND (!stristr($lang,"."))) {
      $lang = filter($lang, "nohtml");
      include_once("language/lang-".$lang.".php");
      $currentlang = $lang;
   } else {
      setcookie("lang",$language,time()+31536000);
      include_once("language/lang-".$language.".php");
      $currentlang = $language;
   }
}


stevenswing
Posted: Fri Oct 09, 2009 12:01 am

Does this code look vulnerable?:
Code:

if ($forum_admin != 1) {
    if (isset($newlang) AND !eregi("\.","$newlang")) {
        if (file_exists("language/lang-$newlang.php")) {
            setcookie("lang",$newlang,time()+31536000);
            include("language/lang-$newlang.php");
            $currentlang = $newlang;
        } else {
            setcookie("lang",$language,time()+31536000);
            include("language/lang-$language.php");
            $currentlang = $language;
        }
    } elseif (isset($lang)) {
        include("language/lang-$lang.php");
        $currentlang = $lang;
    } else {
        setcookie("lang",$language,time()+31536000);
        include("language/lang-$language.php");
        $currentlang = $language;
    }
}
Evaders99



Posted: Fri Oct 09, 2009 12:53 am

Yes. You really should be up to the latest Patched 3.5 files
http://www.nukeresources.com
stevenswing
Posted: Fri Oct 09, 2009 1:37 am

We have a very heavily modified version of nuke, with lots and lots of customizations.

What would the patch for this be?

Thank you for your help.
Evaders99



Posted: Fri Oct 09, 2009 1:47 am

This should work

Code:

if ($forum_admin != 1) {
    if (isset($newlang) AND !eregi("\.","$newlang")) {
        if (file_exists("language/lang-$newlang.php")) {
            setcookie("lang",$newlang,time()+31536000);
            include("language/lang-$newlang.php");
            $currentlang = $newlang;
        } else {
            setcookie("lang",$language,time()+31536000);
            include("language/lang-$language.php");
            $currentlang = $language;
        }
    } elseif ((isset($lang)) AND (!stristr($lang,"."))) {
        $lang = check_html($lang, "nohtml");
        include("language/lang-$lang.php");
        $currentlang = $lang;
    } else {
        setcookie("lang",$language,time()+31536000);
        include("language/lang-$language.php");
        $currentlang = $language;
    }
}

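
The patches posted in this thread reject any $lang or $newlang value that contains a "."; a stricter variant of the same check accepts only a name that matches a language file actually present on disk. The following is an added example, not code from PHP-Nuke, the Patched files or either poster; resolve_language() and its parameters are hypothetical names, and the sample directory and inputs are constructed.

```php
<?php
// Added example, not PHP-Nuke or Patched code.
// resolve_language() and its parameters are hypothetical names.

/**
 * Return a language name that is safe to use in
 * "language/lang-<name>.php". Falls back to $default when the
 * requested value is not one of the files present in $languageDir.
 */
function resolve_language($requested, $default, $languageDir)
{
    // Build the allowlist from the language files actually installed.
    $files = glob($languageDir . '/lang-*.php');
    if ($files === false) {
        $files = array();
    }
    $available = array();
    foreach ($files as $path) {
        if (preg_match('/^lang-([A-Za-z0-9_-]+)\.php$/', basename($path), $m)) {
            $available[$m[1]] = true;
        }
    }

    // Arrays (lang[]=x) and other non-strings never match.
    if (!is_string($requested)) {
        return $default;
    }
    // Exact, case-sensitive lookup: a value containing ".", "/", "\"
    // or a NUL byte cannot equal an installed language name.
    return isset($available[$requested]) ? $requested : $default;
}

// Constructed sample: a temporary language directory with two files.
$dir = sys_get_temp_dir() . '/nuke-lang-demo-' . getmypid();
mkdir($dir);
touch($dir . '/lang-english.php');
touch($dir . '/lang-french.php');

// Constructed inputs: one valid name, then values that must fall back.
$inputs = array('french', '../../config', "english\0", 'ENGLISH/', array('french'));
foreach ($inputs as $in) {
    $out = resolve_language($in, 'english', $dir);
    echo var_export($in, true), ' => ', $out, "\n";
}

// Clean up the constructed sample.
array_map('unlink', glob($dir . '/lang-*.php'));
rmdir($dir);
```

In the mainfile.php branches shown in the posts above, the returned value would be what is passed to setcookie() and include_once() in place of the raw $lang or $newlang.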
stevenswing
Posted: Fri Oct 09, 2009 5:16 am

Thank you for the patch, appreciated. Where is the best place to stay current with PHP-Nuke vulnerabilities?
Evaders99



Posted: Fri Oct 09, 2009 7:11 pm

I post what I find on Nukecops.com - although most of the Nuke sites are now dead anyway.
All times are GMT - 5 Hours