 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 57
 Members: 0
 Total: 57
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
8. June 2004 - new PhpNuke advisory in BugTraq! |
|
 Posted: Tue Jun 08, 2004 12:40 pm |
 |
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
 |
|
 |
|
Original source can be seen here:
http://groups.google.com/groups?selm=ca3hg2%24216i%241%40FreeBSD.csie.NCTU.edu.tw&output=gplain
And here is full text of advisory:
| Code: |
From: k1ll3rb0y@hotmail.com ("Dark Bicho")
Newsgroups: mailing.unix.bugtraq
Subject: Multiple vulnerabilities PHP-Nuke
Date: Tue, 8 Jun 2004 13:06:10 +0800 (CST)
Organization: NCTU CSIE FreeBSD Server
Lines: 105
Sender: nobody@FreeBSD.csie.NCTU.edu.tw
Message-ID: <ca3hg2$216i$1@FreeBSD.csie.NCTU.edu.tw>
NNTP-Posting-Host: freebsd.csie.nctu.edu.tw
X-Trace: FreeBSD.csie.NCTU.edu.tw 1086671170 66771 140.113.17.209 (8 Jun 2004 05:06:10 GMT)
X-Complaints-To: usenet@FreeBSD.csie.NCTU.edu.tw
NNTP-Posting-Date: Tue, 8 Jun 2004 05:06:10 +0000 (UTC)
original advisory : http://bichosoft.webcindario.com/advisory-05.txt
-------------------------------------------------------------------------------------------------
:.: Multiple vulnerabilities PHP-Nuke :.:
PROGRAM: PHP-Nuke
HOMEPAGE: http://phpnuke.org/
VERSION: 6.x, 7.2, 7.3
BUG: Multiple vulnerabilities
DATE: 14/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Email: darkbicho@peru.com
-------------------------------------------------------------------------------------------------
1.- Affected software description:
-----------------------------
Php-Nuke is a popular content management system, written in php by
Francisco Burzi.
2.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='DarkBicho
Warning: date(): Windows does not support dates prior to midnight
(00:00:00),
January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on
line 527
B. Cross-Site Scripting aka XSS:
:.: id :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a
<input type=hidden name=id value='>
:.: title :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>DarkBicho</h1&title=a
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=<h1>DarkBicho</h1>
3.- SOLUTION:
????????
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PHP-NUKE website for updates and official release details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@peru.com
-------------------------------------------------------------------------------------------------
___________ ____________
/ _____/ \ / \______ \
\_____ \\ \/\/ /| ___/
/ \\ / | |
/_______ / \__/\ / |____|
\/ \/
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF
]----------------------------------------------
|
So all the found flaws are related to "Reviews" module. I will publish soon the fixes against those flaws, so stay tuned!  |
|
Last edited by waraxe on Mon Feb 14, 2005 10:18 pm; edited 1 time in total |
|
|
|
|
|
|
|
| Posted: Tue Jun 08, 2004 2:10 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jun 09, 2004 1:27 pm |
|
|
| SteX |
| Advanced user |
 |
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
Good work waraxe  |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Wed Jun 09, 2004 4:08 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
By the way, there will be soon my new advisory about same - Reviews - module. So stay tuned!  |
|
|
|
|
|
Something id like to point out.... |
|
| Posted: Fri Aug 27, 2004 2:19 pm |
|
|
| Dark Dragon |
| Regular user |
 |
|
| Joined: Aug 26, 2004 |
| Posts: 11 |
|
|
|
|
|
|
|
| you know the phpBB broken image hack of phpnuke, well if you use apaches "Wonderful features" to make it a gif or jpg, instead of waiting for administrator to find your broken image, if you made the image your avatar or put it in your sig, it could be pottentially more dangerous, and less conspicuous.... |
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
