Waraxe IT Security Portal
Login or Register
October 31, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 72
Members: 0
Total: 72
Full disclosure
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
APPLE-SA-10-28-2024-3 macOS Sequoia 15.1
APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1
APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1
Open Redirect / Reflected XSS - booked-schedulerv2.8.5
SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG - vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)
[RESEARCH] DTLS 'ClientHello' Race Conditions in WebRTCImplementations
Adversary3 updated with 700 malware and C2 panelvulnerabilities
SEC Consult SA-20241015-0 :: Multiple Vulnerabilities in Rittal IoT Interface & CMC III Processing Unit (CVE-2024-47943, CVE-2024-47944, CVE-2024-47945)
CVE-2024-48939: Unauthorized enabling of API in Paxton Net2software
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index
Search found 15 matches
HostAdmin ///224 $ But Free xD
PostForum:Outdated posts Posted: Sat Jul 24, 2004 9:56 am Subject: HostAdmin ///224 $ But Free xD
genoxide
Replies: 3
Views: 10685




Object not found!
PHPnuke 7.4 FINAL
PostForum:PhpNuke Posted: Sat Jul 24, 2004 9:44 am Subject: PHPnuke 7.4 FINAL
genoxide
Replies: 3
Views: 8809




You can get 7.4 at my site www.nukescripts.info Wink
Issues concerning PHPNuke SQL Injection
PostForum:PhpNuke Posted: Tue Jul 20, 2004 7:57 am Subject: Issues concerning PHPNuke SQL Injection
genoxide
Replies: 5
Views: 13090




Its out on SF and a fix was released when the report was released
http://www.nukescripts.info/modules.php?name=Forums&file=viewtopic&t=44#562 Wink
[waraxe-2004-SA#036] [Multiple security holes in PhpNuke]
PostForum:How to fix Posted: Sun Jul 18, 2004 5:38 pm Subject: [waraxe-2004-SA#036] [Multiple security holes in PhpNuke]
genoxide
Replies: 2
Views: 15463




Ok i've tested this report on nuke 6.9 and 7.3 and heres my 2 cents Wink
A1 - full path disclosure in "/modules/Search/index.php":

Go to search page:

http://localhost/nuke73/modules.php?name ...
[waraxe-2004-SA#035] - security holes in search module
PostForum:How to fix Posted: Sat Jul 17, 2004 6:26 pm Subject: [waraxe-2004-SA#035] - security holes in search module
genoxide
Replies: 2
Views: 12624




The instory seems to be affecting only 7.* versions, i search 6.9 and it seems just right Wink
also i released http://www.nukecops.com/postt31532.html when i saw the report at SF, hope u dont mind ...
new exploit: $content
PostForum:PhpNuke Posted: Tue Jul 13, 2004 9:05 pm Subject: new exploit: $content
genoxide
Replies: 7
Views: 12700




No need for irony, heh Wink
try this on a non patched phpnuke site index.php?content=%253cscript>alert%2528document.cookie);%253c/script>
You will see that you are getting the cookies in a ...
new exploit: $content
PostForum:PhpNuke Posted: Tue Jul 13, 2004 4:08 pm Subject: new exploit: $content
genoxide
Replies: 7
Views: 12700




Even if it's a local variable, it still can be used for XSS
new exploit: $content
PostForum:PhpNuke Posted: Sun Jul 11, 2004 3:54 pm Subject: new exploit: $content
genoxide
Replies: 7
Views: 12700




I was working on my new project and i found that the $content var in several blocks doesn't get parse correctly.
what i mean?
Open block-Survey.php and you will see:
$content .= "<form ...
some fixes waraxe released.
PostForum:PhpNuke Posted: Fri Jul 09, 2004 9:15 am Subject: some fixes waraxe released.
genoxide
Replies: 2
Views: 9057




and about the $admin or $user exploits
#############################################################
#--------------- Base64 sanitize by Waraxe -----------------
if(isset($admin))
...
Which is the best protection System?
PostForum:PhpNuke Posted: Thu Jul 08, 2004 9:43 pm Subject: Which is the best protection System?
genoxide
Replies: 6
Views: 11112




i agree with u, but what about new ones? Wink
-=LOGO COMPETITION!=-
PostForum:General discussion Posted: Thu Jul 08, 2004 9:42 pm Subject: -=LOGO COMPETITION!=-
genoxide
Replies: 21
Views: 38562




i've just started messing with ps so don't be 2 hard with me Wink
http://xeronet.org/uploads/genoxide/waraxe1.gif
Which is the best protection System?
PostForum:PhpNuke Posted: Thu Jul 08, 2004 8:57 pm Subject: Which is the best protection System?
genoxide
Replies: 6
Views: 11112




i've sentinel (latest version) on all of my nuke sites and i didn't have any problem with it, its secure,fast and reliable Wink
New security flaws in phpnuke all versions!
PostForum:PhpNuke Posted: Thu Jul 08, 2004 8:56 pm Subject: New security flaws in phpnuke all versions!
genoxide
Replies: 13
Views: 20648




so if we replace
the old
if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }

or
if (!eregi(" ...
some fixes waraxe released.
PostForum:PhpNuke Posted: Thu Jul 08, 2004 8:45 pm Subject: some fixes waraxe released.
genoxide
Replies: 2
Views: 9057




also about the fix in the modules.php
about the $name fix
$modpath .= "modules/$name/".$file.".php";
if (file_exists($modpath)) {
how can the 'xploi ...
some fixes waraxe released.
PostForum:PhpNuke Posted: Thu Jul 08, 2004 8:40 pm Subject: some fixes waraxe released.
genoxide
Replies: 2
Views: 9057




Well i'm currently working on a new project of mine and i got cs permission to work with his fixes for phpnuke.
i came across with some of the fixes waraxe made in article.php
// start code fix ...
Page 1 of 1
All times are GMT


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.039 Seconds