You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 623 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Bug Fix: Urgent fix for security hole in phpNuke 6.5
SecurityThe fix for what is mentioned in the previous articles as provided by Francisco Burzi is as follows
Everyone should edit the file modules/News/index.php and search the function rate_article. You should change the first lines of the functions to close the security hole.
File: modules/News/index.php
Function: rate_article
It looks like:
if ($score) {
if ($score > 5) { $score = 5; }
if ($score < 1) { $score = 1; }
Should be changed for:
 $score = intval($score);
if ($score) {
if ($score > 5) { $score = 5; }
if ($score < 1) { $score = 1; }
if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND $score != 5) {
Header("Location: index.php");
die();
}

Admin Note: The code has been updated to reflect the latest patch.
Posted on Sunday, March 23 @ 00:36:38 CET by [RETIRED]chatserv
 
Related Links
· Computer Cops
· More about Security
· News by [RETIRED]chatserv
Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED
Article Rating
Average Score: 4
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Urgent fix for security hole in phpNuke 6.5 (Score: 1)
by Maku on Sunday, March 23 @ 06:46:04 CET
(User Info | Send a Message) http://www.phpnuke.ee
This fix dont work for my site ;(

Re: Urgent fix for security hole in phpNuke 6.5 (Score: 1)
by ordhor on Sunday, March 23 @ 09:03:35 CET
(User Info | Send a Message)
it seems that the security hole still exists.
check out phpnuke.org: it has been hacked again
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.917 Seconds - 234 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::