 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 502
 Members: 0
 Total: 502
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
SA#018 Fix? |
|
 Posted: Fri Jun 25, 2004 2:23 am |
 |
|
| sarah |
| Regular user |
 |
|
| Joined: Jun 25, 2004 |
| Posts: 5 |
|
|
|
 |
|
 |
|
Hello,
I run nuke 7.2 and am having issues with someone who keeps creating a God account on our site and deleting my posts.
My issues is SA#018 with teh SQL admin injection..
| Code: | | admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox |
Is there anyway I can patch this. I checked through your site but didn't find anything for 7.2. Or should I upgrade to 7.3?
Thanks so much, your website is a GREAT resource!!!!
Sarah |
|
|
|
|
|
|
|
|
| Posted: Fri Jun 25, 2004 9:17 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
#18 is related to sql injection through base64 encoded admin parameters.
And i myself are using patch like this.
First, open mainfile.php and find this piece of code:
| Code: |
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
|
Add filtering code, so result will be as:
| Code: |
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
//############################################################
//-- Base64 sanitize by Waraxe -------------------------------
if(isset($admin))
{
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}
if(isset($user))
{
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}
//############################################################
|
After this code addition all the base64-based sql injection exploits will stop working. |
|
|
|
|
|
|
|
|
| Posted: Fri Jun 25, 2004 12:50 pm |
|
|
| sarah |
| Regular user |
|
|
| Joined: Jun 25, 2004 |
| Posts: 5 |
|
|
|
|
|
|
|
Hey it worked!! Thank you SOOO MUCH! I'm going to donate some $$ when I get paid next week.
So what else should I worry about patching on 7.2? Any other exploits in any other module? |
|
|
|
|
| Posted: Fri Jun 25, 2004 2:07 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Thanks for donation!
About phpnuke 7.2...
Do you use out-of-the-box version directly from phpnuke.org?
Then it is filled with various security holes. First thing you must do, is to install all the patches from nukecops or nukefixes. Then, install some
protector system - for example Sentinel. And finally - visit my website and forum to find out newest patching tutorials 
If you have any specific questions, go ahead, i will try to help. |
|
|
|
|
| Posted: Mon Jun 28, 2004 12:35 pm |
|
|
| sarah |
| Regular user |
|
|
| Joined: Jun 25, 2004 |
| Posts: 5 |
|
|
|
|
|
|
|
yes, using out of the box 7.2. i cant find any specific patches from nuke cops but i'm assuming there are specific issues in which you're referring to..
so any girlfriend? |
|
|
|
|
www.waraxe.us Forum Index -> How to fix
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
