SW:Rebellion NetworkHosted by the SW:Rebellion Network
Welcome to Evaders Squadron Coding [ESC]
Did you know that... you can get the latest file changes to the Nuke Patched Core by using the CVS!
Home Forums Nuke Patched Core Coding Services Webmaster Services Personal
  Login/Create an Account    

Forums
· Forums FAQ
· Search
· Usergroups
· Profile
· Private Messages

Support Us
This site runs with your support. Please donate:

User Info/Login
Welcome, Anonymous
Nickname
Password
Security Code: Security Code
Type Security Code

(Register)
Membership:
Latest: kimmyjones0001
New Today: 0
New Yesterday: 2
Overall: 10351
People Online:
Visitors: 15
Members: 0
Total: 15

Link to Us

Evaders Squadron Coding [ESC] :: View topic - Security: "PHP-Nuke <= 8.0" (SecurityReason)
Security: "PHP-Nuke <= 8.0" (SecurityReason)

 
Post new topic   Reply to topic    Evaders Squadron Coding [ESC] Forum Index -> Coding Services
View previous topic :: View next topic  
Author Message
Evaders99



Joined: Jan 11, 2002
Posts: 3079
Location: USA
PostPosted: Fri Jun 01, 2007 6:47 pm    Post subject: Security: "PHP-Nuke <= 8.0" (SecurityReason) Reply with quote
This deals with three seperate security releases from SecurityReason:

PHP-Nuke <= 8.0 Final (HTTP Referers) Remote SQL Injection Exploit
PHP-Nuke <= 8.0 Final (INSERT) Blind SQL Injection Exploit
PHP-Nuke <= 8.0 Final (INSERT) Remote SQL Injection Exploit

Two are standard injections. One is a brute force attack that hasn't been seen before, but it may be used more often when vulnerabilities are found. A suggested block is included:

While the advisoriy topic suggests that phpNuke 8.0 is not vulnerable, I don't believe it. There is no special protection in 8.0!
Please read and follow the suggested guidelines for your products

Also... for users of Nuke Sentinel, please see the thread here:
http://evaders.swrebellion.com/forums/postp367.html#367

Latest Patched 3.3 / Nuke Patched Core files

Not vulnerable...
UNLESS you are using the Patched 3.3 files and haven't updated since March 2007. There is a major fix in index.php
As new Patched versions haven't been released, only minor fixes to the Patched files have been done and not announced.

If you missed this change, here it is again
Code:

FILE: index.php

FIND

$result = $db->sql_query("INSERT INTO ".$prefix."_referer VALUES (NULL, '".$referer."')");

CHANGE TO

$result = $db->sql_query("INSERT INTO ".$prefix."_referer VALUES (NULL, '".addslashes($referer)."')");


See below for suggested code changes

Latest RavenNuke 2.10.01

is VULNERABLE

Please make this change

Code:

in index.php

FIND

$result = $db->sql_query('INSERT INTO '.$prefix.'_referer VALUES (NULL, \''.$referer.'\')');

CHANGE TO

$result = $db->sql_query('INSERT INTO '.$prefix.'_referer VALUES (NULL, \''.addslashes($referer).'\')');


See below for suggested code changes




----------------------

Suggested code changes

Given the brute force attack could be reused easily and not detected as a standard SQL attack, I suggest several blocks to be included to check for parts of code such as

Code:

SELECT IF

or

ASCII(SUBSTRING(

or

BENCHMARK(


You can add these using Nuke Sentinel's string blocker .. or if not using that, within phpNuke's mainfile.php

Code:

in mainfile.php

FIND

if ((!isset($admin) OR (isset($admin) AND !is_admin($admin))) AND (stristr($postString,

IN,LINE FIND (at end)

) {

REPLACE WITH

 OR (stristr($postString,'SELECT IF')) OR (stristr($postString_64,'SELECT IF')) OR (stristr($postString,'ASCII(SUBSTRING(')) OR (stristr($postString_64,'ASCII(SUBSTRING(')) OR (stristr($postString,'BENCHMARK(')) OR (stristr($postString_64,'BENCHMARK(')) ) {
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
Display posts from previous:   
Post new topic   Reply to topic    Evaders Squadron Coding [ESC] Forum Index -> Coding Services All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

^Top
Home Your Account Forums Downloads F.A.Q. Submit News Hosting Contact Us

© 2005 - 2007 by Evaders99. All Rights Reserved.
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters.
You can syndicate our news using the file backend.php
 PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL.
PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.40 Seconds