|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 91
Members: 0
Total: 91
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Can the admin exploit be fixed without editing? |
|
Posted: Sun Jul 11, 2004 7:17 am |
|
|
Harry |
Regular user |
|
|
Joined: May 20, 2004 |
Posts: 14 |
|
|
|
|
|
|
|
My friend has a phpnuke website which was exploited using the old admin exploit below "http://localhost/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1". This guy has some issues over his ftp login i.e he cannot access his files, is it possible to stop this exploit without editing the admin.php file? |
|
|
|
|
|
Re: Can the admin exploit be fixed without editing? |
|
Posted: Sun Jul 11, 2004 2:04 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
Harry wrote: | My friend has a phpnuke website which was exploited using the old admin exploit below "http://localhost/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1". This guy has some issues over his ftp login i.e he cannot access his files, |
This exploit isn't related to FTP access. Open file management from host panel and look for file/dir permissions. The www root should be granted to your friend's host account, not "root" or else. Better asking to server admin's assistances if you found such problem.
Harry wrote: | is it possible to stop this exploit without editing the admin.php file? |
Install PHP-Nuke security add-ons. |
|
_________________ ch88rs,
madman |
|
|
|
|
|
|
|
Posted: Sun Jul 11, 2004 9:01 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
He cant install addons without FTP access (or Cpanel)..Maybe attacker have FTP and MySQL passwords..(attacker cant obtain ftp password,if he have admin rights).. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Mon Jul 12, 2004 5:45 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
SteX wrote: | He cant install addons without FTP access (or Cpanel)..Maybe attacker have FTP and MySQL passwords..(attacker cant obtain ftp password,if he have admin rights).. |
Regarding to nuke admin account, do not use the same password for FTP or cPanel login. Please note that FTP authentification does not encripted so someone can monitor your connection and may intercept your FTP access. |
|
_________________ ch88rs,
madman |
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|