PHP Nuke Nederland
  
•   Home  •  Downloads  •  Your Account  •  Forums  •
PHP-Nuke Nederland: Forums

PHP-Nuke Nederland :: View topic - LEES: WAARSCHUWING - Gevaarlijke exploit voor PHP-Nuke
 Forum FAQ  •   Search   •  Memberlist  •  Usergroups   •  Register   •    •  Profile  •  Log in to check your private messages  •  Log in

LEES: WAARSCHUWING - Gevaarlijke exploit voor PHP-Nuke
 
Post new topicReply to topic PHP-Nuke Nederland Forum Index » Security 7.x
View previous topic Log in to check your private messages View next topic
Author Message
BlueLion
Administrator
Administrator


Joined: Aug 21, 2004
Posts: 2836
PostPosted: Wed 14 Dec 2005 3:41 Reply with quoteBack to top
Nadere info volgt over wat dit precies doet. Maar 1 ding is zeker op dit moment: Gebruikers van NukeSentinel zijn hiertegen niet beschermd.

Zone-H.org wrote:

NukeSentinel is a security script for Php-Nuke sites for blocking hacking attempts. The creator is Bob Marion from www.nukescripts.net. It is supposed to block all strings used in sql injection and scripting attacks.
It has been discovered an attacker can bypass nukesentinel for any kind of attack by using %2a%2a in a query instead of the ** or ( ) that Nuke Sentinel alerts on. Example:
www.target.com/modules.php?name=[module name]&file=search&bywhat=aid&exact=1&forwhat=kala%27/%2a%2a/[Script]
Other scripts such as protector and admin secure will stop this.


De exploit wordt inmiddels uitvoerig besproken op het officiële NukeSentinel forum:
http://ravenphpscripts.com/postt7683.html


BL
View user's profileSend private messageSend e-mailVisit poster's website
zeromechanic
Administrator
Administrator


Joined: Oct 01, 2004
Posts: 1527
Location: Emmeloord
PostPosted: Wed 14 Dec 2005 18:27 Reply with quoteBack to top
Wat ik lees is dat Nuke Platinum hier vooral last van heeft.
De standaar phpnuke 7.6 met chatserv 3.1, schijnt dit niet te hebben.
Quote:

But I can't reproduce the exploit. That's the problem. I can't prove that NukeSentinel(tm) is NOT working because it's not getting the UNION code. You have to tell me what environment you are using so I can replicate it. I wish you would understand that. It's not that I don't want to fix something. I've yet to see where anything is broken.

The bottom line is that base nuke7.6 is not exploitable. So, that takes pl3.1 and NukeSentienl(tm) out of the picture. I am using 6.9 and it is not exploitable. So, those sites that are getting cracked are getting cracked because they are either not patched current or not using current NukeSentinel(tm). NukeSentinel(tm) was and is designed to work in addition to the core code and patch code. Nothing more .. Nothing less. Show me how to replicate the code and if a fix is needed I will issue one.


Last edited by Raven on Mon Dec 12, 2005 1:38 pm; edited 1 time in total

Advies is dus: houd je patches en sentinal up-to-date

Er is inmiddels wel een fix binnen gekomen:
Quote:

I've tested this and it should close many holes that the kiddies never spotted . I am posting it here and in a separate post of its own.

My thanks to Technocrat for staying on my case about this

Edit includes/nukesentinel.php file,

FIND
function st_clean_string($cleanstring) {

AFTER ADD
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);

Should Now Look Like
function st_clean_string($cleanstring) {
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);



Op zelfde forum :

http://ravenphpscripts.com/postp54361.html#54361

_________________
Te Lezen: Forum Regels | Te Gebruiken
View user's profileSend private messageVisit poster's website
zeromechanic
Administrator
Administrator


Joined: Oct 01, 2004
Posts: 1527
Location: Emmeloord
PostPosted: Sat 17 Dec 2005 5:53 Reply with quoteBack to top
I (Raven) have released a patch (v2.4.2pl1) for the SQL injection exploit that was recently discovered by Feloci and reported by Technocrat. Even though it is powerless against RavenNuke76, I recommend that everyone who uses NukeSentinel(tm) download and apply this patch ASAP!


http://ravenphpscripts.com/viewdownloaddetails-14-229.html

_________________
Te Lezen: Forum Regels | Te Gebruiken
View user's profileSend private messageVisit poster's website
BlueLion
Administrator
Administrator


Joined: Aug 21, 2004
Posts: 2836
PostPosted: Sat 17 Dec 2005 23:29 Reply with quoteBack to top
Aangeraden is om NukeSentinel te patchen naar 2.4.2pl1 of handmatig het volgende te wijzigen in nukesentinel.php in root/includes/

Vindt:

[php:1:13ef44285e]function st_clean_string($cleanstring) {[/php:1:13ef44285e]

Voeg hierNA aan toe:

[php:1:13ef44285e]$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);[/php:1:13ef44285e]

Zodat het er zo uit ziet:

[php:1:13ef44285e]function st_clean_string($cleanstring) {
$cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring);[/php:1:13ef44285e]


Bovendien is het aanbevolen om PHP-Nuke te patchen met patch 3.1!!


BL
View user's profileSend private messageSend e-mailVisit poster's website
Dutch_com_freak
Helper
Helper


Joined: Sep 17, 2004
Posts: 164
PostPosted: Sat 07 Jan 2006 18:42 Reply with quoteBack to top
ik heb hem geloof ik al eens eerder gesteld op dit forum, maar ik denk dat er meer mensen zijn die met dit probleem zitten.

Sinds overal alle versie nummers verdwenen zijn (wel goed dat ze nu weg zijn overegens! dat maakt zoeken naar exploits nu minder makkelijk, al kunnen ze het altijd proberen) maar hoe weet ik nu welke versie ik heb van sentinel of php-nuke (patch). Van het forum is het eenvoudig te vinden in de admin maar van sentinel of nuke kan ik daar nix van teug vinden in de admin...

_________________
Live IT, Love IT, Lan IT! [IWKY] IT !
View user's profileSend private messageSend e-mail
zeromechanic
Administrator
Administrator


Joined: Oct 01, 2004
Posts: 1527
Location: Emmeloord
PostPosted: Sat 07 Jan 2006 19:20 Reply with quoteBack to top
je kunt analyzer.php downloden op deze site

http://www.phpnuke-nederland.com/download-file-85.html

laat hem niet open staaan op je site, beveilig hem via .htaccess ofzo, of verwijder hem daarna.

Alleen klopt bij mij het versie nummer niet.
hij geeft 7.7 aan, terwijl ik voor 101% 7.6-3.1 erop heb staan.
(van deze site gehaad)

_________________
Te Lezen: Forum Regels | Te Gebruiken
View user's profileSend private messageVisit poster's website
Dutch_com_freak
Helper
Helper


Joined: Sep 17, 2004
Posts: 164
PostPosted: Sat 07 Jan 2006 19:42 Reply with quoteBack to top
WARNING! WARNING! WARNING! Your PHP-Nuke CMS Is Old!
Your Version
Reason For Vulnerability

7.6 PHP-Nuke, with each new release (currently at 7.8, fixes vulnerabilities and exploits that older versions are susceptible to. This is a general alert for you to be aware that running older PHP-Nuke (or its ports) versions may leave it open to such attacks. It is your choice whether to upgrade or not to the newest version (regardless of status: gold, release candidate, or beta). But if you do decide to upgrade, for your sake make sure you backup 100% your MySQL database and all of your filesystem files. Laughing Laughing Laughing

maar nu weet ik dus nog niet over ik die patch nu wel of niet heb

_________________
Live IT, Love IT, Lan IT! [IWKY] IT !
View user's profileSend private messageSend e-mail
BlueLion
Administrator
Administrator


Joined: Aug 21, 2004
Posts: 2836
PostPosted: Sun 08 Jan 2006 23:43 Reply with quoteBack to top
Dutch_com_freak wrote:
ik heb hem geloof ik al eens eerder gesteld op dit forum, maar ik denk dat er meer mensen zijn die met dit probleem zitten.

Sinds overal alle versie nummers verdwenen zijn (wel goed dat ze nu weg zijn overegens! dat maakt zoeken naar exploits nu minder makkelijk, al kunnen ze het altijd proberen) maar hoe weet ik nu welke versie ik heb van sentinel of php-nuke (patch). Van het forum is het eenvoudig te vinden in de admin maar van sentinel of nuke kan ik daar nix van teug vinden in de admin...


Je versie nummer kan je vinden in de database. In de tabel nuke_config vind je het veld Version_Num. Daar staat welke versie je draait.

Heb je jouw versie gepatched dan vind je onderaan in je config.php het volgende:
[php:1:040385c408]// Nuke Patched 3.1[/php:1:040385c408]


BL
View user's profileSend private messageSend e-mailVisit poster's website
BlueLion
Administrator
Administrator


Joined: Aug 21, 2004
Posts: 2836
PostPosted: Sun 08 Jan 2006 23:46 Reply with quoteBack to top
Dutch_com_freak wrote:
WARNING! WARNING! WARNING! Your PHP-Nuke CMS Is Old!
Your Version
Reason For Vulnerability

7.6 PHP-Nuke, with each new release (currently at 7.8, fixes vulnerabilities and exploits that older versions are susceptible to. This is a general alert for you to be aware that running older PHP-Nuke (or its ports) versions may leave it open to such attacks. It is your choice whether to upgrade or not to the newest version (regardless of status: gold, release candidate, or beta). But if you do decide to upgrade, for your sake make sure you backup 100% your MySQL database and all of your filesystem files. Laughing Laughing Laughing

maar nu weet ik dus nog niet over ik die patch nu wel of niet heb


De analyzer moet je voor zover het versie nummer negeren. Gebruik PHP-Nuke 7.6pl3.1 en niet hoger.


BL

_________________
Te Lezen: Forum Regels | Te Gebruiken: Forum Zoek Functie
Aanbevolen PHP-Nuke versie: PHP-Nuke 7.6pl3.1!
Aanbevolen Security AddOn: Nuke Sentinel™
View user's profileSend private messageSend e-mailVisit poster's website
Alexander
Gevorderd
Gevorderd


Joined: Jul 04, 2005
Posts: 104
Location: Amersfoort
PostPosted: Mon 15 May 2006 4:01 Reply with quoteBack to top
BlueLion wrote:


Heb je jouw versie gepatched dan vind je onderaan in je config.php het volgende:
[php:1:d789e60fe4]// Nuke Patched 3.1[/php:1:d789e60fe4]


zag deze melding staan had zo iets van Shocked dat is handig als het er staat, maarre waar zou het moeten staan?

Heb versie 7.6 met Patch 3.1 en heb gepatch naar 3.2
View user's profileSend private messageVisit poster's website
Display posts from previous:      
 Donaties   Adverteren 
Wilt u het forum steunen, dan kunt u nu eenvoudig doneren met PayPal.
Post new topicReply to topic PHP-Nuke Nederland Forum Index » Security 7.x
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Web site powered by PHP-Nuke

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2004-2008 by BlueLion.
SEO enhanced with the Sitemapper script
You can syndicate our news using the file backend.php or ultramode.txt
Powered by PHP Powered by MySQL Apache Webserver Valid robots.txt
PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Pagina rendering: 0.10 seconden


[Valid News RSS]

RSS Feeds:
[RSS 2.0 News Feed]
[RSS 2.0 Download Feed]
[RSS 2.0 Forum Feed]
[RSS 2.0 Link Feed]
:: fisubsilver shadow phpbb2 style by Daz :: PHP-Nuke theme by BlueLion ::