lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000001c44d6d$e6897a80$2002a8c0@alucxp1>
From: jeruvy at shaw.ca (Jeruvy)
Subject: RE: Multiple vulnerabilities PHP-Nuke

This does not apply to any site that has applied the security fixes
available for many, many months.  This is only affecting phpnuke.org
distro's, not any 'modified' or 'secured' distro, like betaNC, CPG-NUKE,
and others...

No additional patches dealing with these specifics below applied to
php-nuke 7.0 only the security patches.

A. Generates a proper ACCESS DENIED page, no PATH DISCLOSURE.  
-------------------------------------------------------------
RESULT:

"You are trying to access a restricted area.

We are Sorry, but this section of our site is for Registered Users Only.
You can register for free by clicking here, then you can
access this section without restrictions. Thanks."

B. No CSS exploit.  Same result as above.  Below example was sanitized
prior to GET:
------------------------------------------------------------------------
------------
RESULT:

modules.php?name=Reviews&rop=postcomment&id='%3Ch1%3EDarkBicho%3C/h1&tit
le=a
modules.php?name=Reviews&rop=postcomment&id='&title=%3Ch1%3EDarkBicho%3C
/h1%3E


So as long as you've addressed the age-old bugs that still haven't been
fixed in the basic PHP-Nuke distro's then you may be vulnerable.
However these methods have long been squashed in patches available, and
do not affect newer, secure distro's such as betaNC or CPG-Nuke.

Again, I added no new patches to test these potentials in the last 30
days.  And they simply are not a factor.

Sincerely,

J.
j e r u v y a t s h a w d o t c a 


-----Original Message Below-----
From: Dark Bicho [mailto:k1ll3rb0y@...mail.com] 
Sent: Monday, June 07, 2004 3:31 PM
To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
Subject: Multiple vulnerabilities PHP-Nuke


original advisory : http://bichosoft.webcindario.com/advisory-05.txt

------------------------------------------------------------------------
-------------------------

                            :.: Multiple vulnerabilities PHP-Nuke :.:

  PROGRAM: PHP-Nuke
  HOMEPAGE: http://phpnuke.org/
  VERSION: 6.x, 7.2, 7.3
  BUG: Multiple vulnerabilities
  DATE:  14/05/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk
          team: Security Wari Proyects <www.swp-zone.org>
          Email: darkbicho@...u.com

------------------------------------------------------------------------
-------------------------


1.- Affected software description:
    -----------------------------

    Php-Nuke is a popular content management system, written in php by
    Francisco Burzi.

2.- Vulnerabilities:
    ---------------

A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive 
information.

    :.: Examples:

    
http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='Dark
Bicho

    Warning: date(): Windows does not support dates prior to midnight 
(00:00:00),
    January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on

line 527

B. Cross-Site Scripting aka XSS:

    :.: id :

    * 
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit
le=a

    <input type=hidden name=id value='>

    :.: title :

    * 
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit
le=a

    :.: Examples:

    
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>
DarkBicho</h1&title=a
    
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit
le=<h1>DarkBicho</h1>


3.- SOLUTION:
     ????????
    Vendors were contacted many weeks ago and plan to release a fixed 
version soon.
    Check the PHP-NUKE website for updates and official release details.


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------

	WEB: http://www.darkbicho.tk
	EMAIL: darkbicho@...u.com

------------------------------------------------------------------------
-------------------------
                                ___________      ____________
                               /   _____/  \    /  \______   \
                               \_____  \\   \/\/   /|     ___/
                              /        \\        / |    |
                             /_______  / \__/\  /  |____|
                             \/       \/

                                Security Wari Projects
                                  (c) 2002 - 2004
		                    Made in Peru

----------------------------------------[   EOF    
]----------------------------------------------

_________________________________________________________________
Consigue aqu? las mejores y mas recientes ofertas de trabajo en Am?rica 
Latina y USA: http://latam.msn.com/empleos/





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ