NukeCops - PHP-Nuke admin.php security hole

You are missing our premiere tool bar navigation system! Register and use it for FREE!

Create an account

• Home • Downloads • Gallery • Your Account • Forums •

Readme First

- Readme First! -
Read and follow the rules, otherwise your posts will be closed

Modules

· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account

Who's Online

There are currently, 442 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

PHP-Nuke admin.php security hole - PATCHED

Recently a security hole was announced in reference to an admin.php exploit where anyone can obtain PHP-Nuke administrator access. I've tested my patch the past couple days both here and at all the other sites with success. Its a quite simple patch in fact, here it is...

click here to see the code

This patch must be applied at the beginning of your admin.php code in order to be effective. It will also be implemented at our CVS site: cvs.nukecops.com tomorrow.

Admin Note: CVS file updated, code moved to a forum post as Nuke's filtering messes it if posted here.

Posted on Sunday, October 12 @ 22:37:44 CEST by Zhen-Xjell

Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating

Average Score: 2
Votes: 2

Options

Printer Friendly Page

Send to a Friend

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: PHP-Nuke admin.php security hole - PATCHED (Score: 1)
by SuperCat on Sunday, October 12 @ 23:34:33 CEST
(User Info | Send a Message)

pasting that code into admin.php causes an error on this line:

if (preg_match("/?admin/", "$url")) {

Something about "nothing to compare to"

Re: PHP-Nuke admin.php security hole - PATCHED (Score: 1)
by Audioslaved on Sunday, October 12 @ 23:38:31 CEST
(User Info | Send a Message) http://www.audioslaved.com

I get the same thing, using 6.0 and 6.5. Any ideas?

]

Re: PHP-Nuke admin.php security hole - PATCHED (Score: 1)
by chatserv on Sunday, October 12 @ 23:45:36 CEST
(User Info | Send a Message) http://nukeresources.com

Check the note in the article.

]

Re: PHP-Nuke admin.php security hole - PATCHED (Score: 1)
by Zhen-Xjell on Sunday, October 12 @ 23:48:31 CEST
(User Info | Send a Message) http://castlecops.com

Thanks CS for saving my butt.

postp59084.html#59084

]

And how about this security hole in mailattach.php? (Score: 1)
by chris on Monday, October 13 @ 02:37:49 CEST
(User Info | Send a Message) http://www.karakas-online.de

From http://www.secunia.com/advisories/9954/ :

A vulnerability has been reported in PHP-Nuke allowing malicious users to upload and execute arbitrary files.

The vulnerability is caused due to the "mailattach.php" script in the WebMail part not verifying path information in the "userfile_name" parameter and the "modules.php" script allowing people to supply arbitrary files in the "file" parameter.

These two problems can combined be exploited to execute arbitrary code on a vulnerable system.

Example:
1) Upload a file where the "userfile_name" parameter is set to "../../AvantGo/language/evil.php".
2) Execute it using: /modules.php?name=AvantGo&file=language/evil

The vulnerability has been reported to affect PHP-Nuke on the Windows platform only.

Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.096 Seconds - 197 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)

:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::