You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 372 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Security Alert
Security
Security Alert 7/20/2003!

[Note:Copied from Message post to keep in archives]

I've been helping a user today. He couldn't login as Admin and upon investigation it just looked like a case of a forgotten password. Once I got him up and running, he said he knew he had never entered that author name in the God record. He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org.

I won't bother preaching about using versions that aren't public and aren't from reliable sources. Be warned, however, to make sure you know your sources!

Read this post for more on this.
Posted on Sunday, July 27 @ 12:17:49 CEST by [RETIRED]Raven
 
Related Links
· Computer Cops
· More about Security
· News by [RETIRED]Raven


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 1
Votes: 2


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Security Alert (Score: 1)
by stmpeters on Sunday, July 27 @ 14:14:36 CEST
(User Info | Send a Message)
Unfortunately, no new versions of PHP-Nuke have been released to the public since 6.5. If they were released to the public, then there would not be any problems similar to this one.



Re: Security Alert (Score: 1)
by Azmeen on Monday, July 28 @ 21:32:35 CEST
(User Info | Send a Message)
If someone is idiotic enough to not give a quick check on something as simple as an SQL file, then that person deserved to have his/her web site backdoored.


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.087 Seconds - 292 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::