 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 434
 Members: 0
 Total: 434
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Can the admin exploit be fixed without editing? |
|
 Posted: Sun Jul 11, 2004 7:17 am |
 |
|
| Harry |
| Regular user |
 |
|
| Joined: May 20, 2004 |
| Posts: 14 |
|
|
|
 |
|
 |
|
| My friend has a phpnuke website which was exploited using the old admin exploit below "http://localhost/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1". This guy has some issues over his ftp login i.e he cannot access his files, is it possible to stop this exploit without editing the admin.php file? |
|
|
|
|
|
Re: Can the admin exploit be fixed without editing? |
|
| Posted: Sun Jul 11, 2004 2:04 pm |
|
|
| madman |
| Active user |
 |
|
| Joined: May 24, 2004 |
| Posts: 46 |
|
|
|
|
|
|
|
| Harry wrote: | | My friend has a phpnuke website which was exploited using the old admin exploit below "http://localhost/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1". This guy has some issues over his ftp login i.e he cannot access his files, |
This exploit isn't related to FTP access. Open file management from host panel and look for file/dir permissions. The www root should be granted to your friend's host account, not "root" or else. Better asking to server admin's assistances if you found such problem.
| Harry wrote: | | is it possible to stop this exploit without editing the admin.php file? |
Install PHP-Nuke security add-ons. |
|
_________________
ch88rs,
madman |
|
|
|
|
|
|
|
| Posted: Sun Jul 11, 2004 9:01 pm |
|
|
| SteX |
| Advanced user |
 |
|
| Joined: May 18, 2004 |
| Posts: 181 |
| Location: Serbia |
|
|
|
|
|
|
| He cant install addons without FTP access (or Cpanel)..Maybe attacker have FTP and MySQL passwords..(attacker cant obtain ftp password,if he have admin rights).. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
| Posted: Mon Jul 12, 2004 5:45 pm |
|
|
| madman |
| Active user |
|
|
| Joined: May 24, 2004 |
| Posts: 46 |
|
|
|
|
|
|
|
| SteX wrote: | | He cant install addons without FTP access (or Cpanel)..Maybe attacker have FTP and MySQL passwords..(attacker cant obtain ftp password,if he have admin rights).. |
Regarding to nuke admin account, do not use the same password for FTP or cPanel login. Please note that FTP authentification does not encripted so someone can monitor your connection and may intercept your FTP access. |
|
_________________
ch88rs,
madman |
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
