|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 72
Members: 0
Total: 72
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
|
You can get 7.4 at my site www.nukescripts.info |
|
|
|
|
Its out on SF and a fix was released when the report was released
http://www.nukescripts.info/modules.php?name=Forums&file=viewtopic&t=44#562 |
|
|
|
|
Ok i've tested this report on nuke 6.9 and 7.3 and heres my 2 cents
A1 - full path disclosure in "/modules/Search/index.php":
Go to search page:
http://localhost/nuke73/modules.php?name ... |
|
|
|
|
The instory seems to be affecting only 7.* versions, i search 6.9 and it seems just right
also i released http://www.nukecops.com/postt31532.html when i saw the report at SF, hope u dont mind ... |
|
|
|
|
No need for irony, heh
try this on a non patched phpnuke site index.php?content=%253cscript>alert%2528document.cookie);%253c/script>
You will see that you are getting the cookies in a ... |
|
|
|
|
Even if it's a local variable, it still can be used for XSS |
|
|
|
|
I was working on my new project and i found that the $content var in several blocks doesn't get parse correctly.
what i mean?
Open block-Survey.php and you will see:
$content .= "<form ... |
|
|
|
|
and about the $admin or $user exploits
#############################################################
#--------------- Base64 sanitize by Waraxe -----------------
if(isset($admin))
... |
|
|
|
|
i agree with u, but what about new ones? |
|
|
|
|
i've just started messing with ps so don't be 2 hard with me
http://xeronet.org/uploads/genoxide/waraxe1.gif |
|
|
|
|
i've sentinel (latest version) on all of my nuke sites and i didn't have any problem with it, its secure,fast and reliable |
|
|
|
|
so if we replace
the old
if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }
or
if (!eregi(" ... |
|
|
|
|
also about the fix in the modules.php
about the $name fix
$modpath .= "modules/$name/".$file.".php";
if (file_exists($modpath)) {
how can the 'xploi ... |
|
|
|
|
Well i'm currently working on a new project of mine and i got cs permission to work with his fixes for phpnuke.
i came across with some of the fixes waraxe made in article.php
// start code fix ... |
|
|
Page 1 of 1 |
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|