
Reviews/index.php Vulnerability fix

#1 Thu Feb 05, 2004 2:09 am   Reviews/index.php Vulnerability fix
Telli
Thanks to Raven at [ Register or login to view links on this board. ] for this find.





Find 2 instances of where id=$id and change to where id = '$id'
in modules/Reviews/index.php

After looking I noticed about 4 instances of the above, so look carefully for

WHERE id=$id" and WHERE id=$id

change those to

WHERE id='$id'" and WHERE id='$id'

EDIT:

Also, upon further investigation I noticed two instances of $id_del; make sure those are surrounded with hash marks too.

'$id_del'



If you're using the CZEnhaced 7.0, it has been updated in the downloads, so if you want to just download it again and upload that modules/Reviews/index.php you can.

The other PHPNuke 7.0 standard in the downloads has also been updated.




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
#2 Wed Mar 10, 2004 11:09 am   re: Reviews/index.php Vulnerability fix
Recoil
Does this only affect 7.* ?



#3 Wed Mar 10, 2004 11:34 pm   re: Reviews/index.php Vulnerability fix
Telli
Any version should have the fix applied.




#4 Sat Mar 13, 2004 1:51 am   re: Reviews/index.php Vulnerability fix
Recoil
Tanks Bro!



#5 Sat Mar 27, 2004 8:06 pm
motozen
Stupid question:

How is it possible to hack PHP? This "vulnerability" does what for hackers?




#6 Sun Mar 28, 2004 12:39 am   re: Reviews/index.php Vulnerability fix
Telli
Intval '$id' keeps the hackers from running SQL queries through HTTP URLs.




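The unquoted query, the quoted fix from post #1 and the intval approach from post #6, side by side, as an added example that is not part of the thread or of PHP-Nuke's code. It assumes PHP 7+ with pdo_sqlite; an in-memory SQLite table stands in for the site's MySQL database, and the table, rows, function names and inputs are constructed.

```php
<?php
// Added example, not PHP-Nuke code. Table, rows and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE reviews (id INTEGER, title TEXT)");
$pdo->exec("INSERT INTO reviews VALUES (1, 'first'), (2, 'second'), (3, 'third')");

// Pattern before the fix: the request value lands in the SQL text unquoted.
function unquoted(string $id): string {
    return "SELECT title FROM reviews WHERE id=$id";
}
// Fix from post #1: the value is wrapped in single quotes.
function quoted(string $id): string {
    return "SELECT title FROM reviews WHERE id='$id'";
}
// intval approach from post #6: the value is forced to an integer first.
function casted(string $id): string {
    return "SELECT title FROM reviews WHERE id=" . intval($id);
}
// Number of rows a finished SQL string returns, or -1 if the parser rejects it.
function rowsFor(PDO $pdo, string $sql): int {
    try {
        return count($pdo->query($sql)->fetchAll());
    } catch (PDOException $e) {
        return -1; // the database rejected the statement as malformed
    }
}
// Bound parameter: the value is sent separately and never parsed as SQL.
function rowsBound(PDO $pdo, string $id): int {
    $st = $pdo->prepare("SELECT title FROM reviews WHERE id = ?");
    $st->execute([$id]);
    return count($st->fetchAll());
}

// Constructed request values: a normal id and two that try to alter the WHERE clause.
$inputs = [
    'plain id'        => '2',
    'extra condition' => '0 OR 1=1',
    'embedded quote'  => "0' OR '1'='1",
];
foreach ($inputs as $label => $id) {
    printf("%-16s unquoted=%2d quoted=%2d intval=%2d bound=%2d\n", $label,
        rowsFor($pdo, unquoted($id)), rowsFor($pdo, quoted($id)),
        rowsFor($pdo, casted($id)), rowsBound($pdo, $id));
}
```

Quoting alone holds only when quote characters inside the value are escaped before the query is built; the integer cast and the bound parameter do not depend on that.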
#7 Tue Apr 20, 2004 12:20 pm   re: Reviews/index.php Vulnerability fix
Dobie
Done....thanks for this!



#8 Sat Sep 04, 2004 12:35 pm   re: Reviews/index.php Vulnerability fix
samy
applied thx!



#9 Wed Dec 07, 2005 1:31 pm   re: Reviews/index.php Vulnerability fix
Block123
I'm running Nuke 7.0

Two times this week my Index files for my forum admin area and my home page have been hacked. All the code in the file was erased with text left that said "TheHacker..."

Today I made the changes stated above to my reviews/index file. Do you think this will keep the jerk out or do I have another issue?


