Dangerous hole in phpnuke?

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   Dangerous hole in phpnuke?
RedWolf111
CZ Addict
usa.gif wisconsin.gif
Occupation: Owner of MR Kettle Corn
Age: 54
Gender: Male
Status: Offline
Joined: Jun 02, 2003
0.07 posts per day
Posts: 572
Points: 135,122
   
Has anybody seen anything about this yet?



irandoct writes "There is a new dangerous hole in phpnuke portal system ( 7.4 and older versions ) . In this case hacker deletes existing admins first using a very simple HTML from . Now because of there isn't any admin for the system he can create the first super admin...


and he access the site's admin panel and can change in site contents, delete contents and ...
Please update your site using latest security patch by Chatserv or rename your admin.php for a quick fix. More information at :
Iranportals.com
Iranportals.net

Note: If your server allows .htaccess files limit access to your admin.php file by adding
your ip and maybe that of your other admins to the .htaccess file in the following
manner:
<Files "admin.php">
Order allow,deny
deny from all
Allow from your_ip
Allow from 2nd_ip
Allow from 3rd_ip
</Files> "



Either way does the phpnuke 7.4 patched have "security patch by Chatserv" in it already? If not please direct me to where I can find it.


Thanks,
RedWolf



_________________
[ Register or login to view links on this board.] You never know what you can find at TWFsales. Stop in today for some great deals.
Back to top Reply with quote
#2   re: Dangerous hole in phpnuke?
Taut
PayPal Donation
CZ Revered Member
 Codezwiz Site Donator
usa.gif california.gif
Occupation: Entrepreneur
Gender: Female
Fav. Sports Team: SF Giants
Status: Offline
Joined: May 27, 2003
0.70 posts per day
Posts: 5530
Points: 481,695
   
I'm sure if the version we have here says it's patched then it is but you want the one specifically done by chatserv then you might want to try doing a google for it. I think his site is either NukeFixes or NukeResources...not sure which of the 2 it is



Back to top Reply with quote
#3   re: Dangerous hole in phpnuke?
RedWolf111
CZ Addict
usa.gif wisconsin.gif
Occupation: Owner of MR Kettle Corn
Age: 54
Gender: Male
Status: Offline
Joined: Jun 02, 2003
0.07 posts per day
Posts: 572
Points: 135,122
   
ty Taut...I just wanted to make sure I wasnt lagging on fixing any holes in my site..icon_biggrin.gif


RedWolf




_________________
[ Register or login to view links on this board.] You never know what you can find at TWFsales. Stop in today for some great deals.
Back to top Reply with quote
#4   re: Dangerous hole in phpnuke?
echo
CZ Wiz
 Codezwiz Site Donator
Gender: Male
Status: Offline
Joined: Oct 04, 2003
0.15 posts per day
Posts: 1147
Points: 93
   
I do believe Telli has this covered:
[ Register or login to view links on this board. ]

icon_biggrin.gif



Back to top Reply with quote
#5   Re: re: Dangerous hole in phpnuke?
RedWolf111
CZ Addict
usa.gif wisconsin.gif
Occupation: Owner of MR Kettle Corn
Age: 54
Gender: Male
Status: Offline
Joined: Jun 02, 2003
0.07 posts per day
Posts: 572
Points: 135,122
   


Originally posted by echo @ Sun Sep 19, 2004 12:45 pm:

I do believe Telli has this covered:
[ Register or login to view links on this board. ]

icon_biggrin.gif


Ty Echo for that link...very very informative. Maybe thats why I couldnt find much about his topic besides that code he listed.

And Telli...I love that nice message in the code you listed in the thread there...lmao


RedWolf

EDIT* And when I think about it...looks like all that hacker would have to do is use the proxy u list in the htaccess file to enter the admin files also.




_________________
[ Register or login to view links on this board.] You never know what you can find at TWFsales. Stop in today for some great deals.
Back to top Reply with quote
#6   
Telli
Site Admin
Occupation: Self Employed
Age: 46
Gender: Male
Fav. Sports Team: Detroit Red Wings
Website:
Status: Offline
Joined: May 26, 2003
1.03 posts per day
Posts: 8089
Points: 494,475
   
The Nuke Patched 2.6 Version came out today and has the fix applied.

[ Register or login to view links on this board. ]




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
Back to top Reply with quote
#7   re: Dangerous hole in phpnuke?
RedWolf111
CZ Addict
usa.gif wisconsin.gif
Occupation: Owner of MR Kettle Corn
Age: 54
Gender: Male
Status: Offline
Joined: Jun 02, 2003
0.07 posts per day
Posts: 572
Points: 135,122
   
thats alot of stuff for me to edit...lol. Looks like I will be busy for a few days...icon_smile.gif


RedWolf




_________________
[ Register or login to view links on this board.] You never know what you can find at TWFsales. Stop in today for some great deals.
Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum