ewiget
Admin
Admin
| Posts: 171 |  |
Karma: 2
|
new phpnuke exploit today - 2005/12/15 23:14
There is a new phpnuke exploit going around beginning today that takes advantage of an old UNION bug that mysteriously made its way back into the code.
Original Post - http://ravenphpscripts.com/postp54361.html#54361
Nuke Platinum sites and regular phpnuke site are being exploited with a variation of an old exploit that was fixed in Chatserv Patch Level 3.x and possibly even 2.9 (http://nukeresources.com/). Using a specially crafted url and the UNION modifier, your admin password, in md5 hashed code, can be exposed. The fact that many people use common dictionary words, this information can be used to easily get admin access to your site.
Now for this to happen, you would need to be running a version of phpnuke that is not patched current. NukeSentinel(tm) becomes an accomplice to this because the URL was bypassing the filters in NukeSentinel(tm). Actually, the filters are in there, they just weren't working correctly. With the following fix you should not have to worry. It should also be noted that if you are using NukeSentinel's Admin Auth protection and you have taken our advice and not kept the passwords the same, even if they guess your nuke password they still can't get past NukeSentinel(tm). That's a safety net but not the full solution.
Here is the fix:
Edit includes/nukesentinel.php file,
FIND
| Code: |
function st_clean_string($cleanstring) {
|
AFTER ADD
| Code: |
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);
|
Should Now Look Like
| Code: |
function st_clean_string($cleanstring) {
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);
|
Ed Wiget
Technical Support
http://www.xtremewebhosts.com |
