Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
March 29, 2024
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 773
Members: 0
Total: 773
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpNuke -> check this..
Post new topic  Reply to topic View previous topic :: View next topic 
check this..
PostPosted: Mon Jun 07, 2004 1:06 pm Reply with quote
SteX
Advanced user
Advanced user
 
Joined: May 18, 2004
Posts: 181
Location: Serbia




http://securitytracker.com/id?1010351
check this..
Quote:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a vulnerability in PHPNuke that permits execution of arbitrary
SQL queries on a database located in the same server of an attacker's
account. This is the procedure: first of all attacker must create a
symlink pointing to victim's db directory in PHPNuke home directory
because of mainfile.php include method. After that he can build a simple
php code executing a query to the PHPNuke database. Here is an example:

<?php
require_once ("/location_of_victim's_PHPNuke/mainfile.php");
$sql = $db->sql_query("SELECT aid,pwd FROM ".$prefix."_authors");
while($record = $db->sql_fetchrow($sql))
~ echo "Username: $record[aid]\n<br>\nPassword: $record[pwd]\n<br><br>\n"

;
unset($sql);
?>

Queries are executed normally because config.php (which is included by
mainfile.php) provides the information in order to connect to the chosen
database. This is a very easy way to deface PHPNuke-based websites or
adding and removing users, and so on.

This "homemade patch" goes in config.php, just below connection
variables. It checks domain name provided by web server with the one
provided by the user and grants execution of SQL queries only if domain
names match. Here is the code:

$domainname = "www.example.com";
if ($_SERVER['SERVER_NAME'] != $domainname ) {
~ echo "Access denied";
~ die();


This vulnerability isn't only for PHPNuke, but also for every CMS that
doesn't check domain names.

Greetings,

Luca Falavigna

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBQLn1V/TtdJayrm9xAQL8jAf+MV1wlF5MJW8nDez3kOoHugvqmb2L2ftG
kwkEfl/zERPfsu651/PM9ocDkm1z+pLJh6kzPusED2GVuZOGY9Gbd5P5dOjGc7qX
OqEzXMRWkX3r2joAzyjKsO24sAc4YNI0FQPPFve9sZqRMdG+vF4VzIoldjiegSVH
d5rLceL/AojrzEakUiBGBUuKJN/k0uG3NzACra3Oa8haMwlTvQmY0VRjSgGArCq2
ohpSlCTZOk4iANYJXHaZE0u+Ep0t4UOCZK9j/jM8rjMdpCynWCkGo/FzcreakHom
FCHAR9m0LJ0UuuPU/1VbamwZ6OlNhdMWau9wIKJGW0bsWnzSwd7llg==
=JnMQ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
yeah man
PostPosted: Sun Jun 13, 2004 9:17 am Reply with quote
condor_4u
Regular user
Regular user
 
Joined: Jun 03, 2004
Posts: 11




yeah man ....go on ....good work Razz
View user's profile Send private message
check this..
  www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB © 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.086 Seconds