Recent UNION exploit with unpatched sites and NukeSentinel
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
Raven owner of Ravenphpscripts posted a fix for a variation of an old exploit yesterday.
Raven says
Nuke Platinum sites and regular phpnuke site are being exploited with a variation of an old exploit that was fixed in Patch Level 3.x and possibly even 2.9. Using a specially crafted url and the UNION modifier, your admin password, in md5 hashed code, can be exposed. The fact that many people use common dictionary words, this information can be used to easily get admin access to your site.
Now for this to happen, you would need to be running a version of phpnuke that is not patched current. NukeSentinel(tm) becomes an accomplice to this because the URL was bypassing the filters in NukeSentinel(tm). Actually, the filters are in there, they just weren't working correctly. With the following fix you should not have to worry. It should also be noted that if you are using NukeSentinel's Admin Auth protection and you have taken our advice and not kept the passwords the same, even if they guess your nuke password they still can't get past NukeSentinel(tm). That's a safety net but not the full soultion.
I've tested this and it should close many holes that the kiddies never spotted I am posting it here and in a separate post of its own. My thanks to Technocrat for staying on my case about this
Edit includes/nukesentinel.php file,
FIND
function st_clean_string($cleanstring) {
AFTER ADD
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);
Should Now Look Like
function st_clean_string($cleanstring) {
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);
Please note that users of RavenNuke76 are not affected by this
You can watch the topic thread HERE
Article submitted by: Webshark
Last Update: 12-14-2005
Category: Security
Raven says
Nuke Platinum sites and regular phpnuke site are being exploited with a variation of an old exploit that was fixed in Patch Level 3.x and possibly even 2.9. Using a specially crafted url and the UNION modifier, your admin password, in md5 hashed code, can be exposed. The fact that many people use common dictionary words, this information can be used to easily get admin access to your site.
Now for this to happen, you would need to be running a version of phpnuke that is not patched current. NukeSentinel(tm) becomes an accomplice to this because the URL was bypassing the filters in NukeSentinel(tm). Actually, the filters are in there, they just weren't working correctly. With the following fix you should not have to worry. It should also be noted that if you are using NukeSentinel's Admin Auth protection and you have taken our advice and not kept the passwords the same, even if they guess your nuke password they still can't get past NukeSentinel(tm). That's a safety net but not the full soultion.
I've tested this and it should close many holes that the kiddies never spotted I am posting it here and in a separate post of its own. My thanks to Technocrat for staying on my case about this
Edit includes/nukesentinel.php file,
FIND
function st_clean_string($cleanstring) {
AFTER ADD
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);
Should Now Look Like
function st_clean_string($cleanstring) {
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);
Please note that users of RavenNuke76 are not affected by this
You can watch the topic thread HERE
Article submitted by: Webshark
Last Update: 12-14-2005
Category: Security
Current rating: 5.25 by 47 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,183 reads) 07-05-2008
· Fusion Security(14,870 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,648 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,086 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,584 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,368 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,406 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,126 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(17,979 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,358 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.