 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 426 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Dangerous bug or not?!!!! |
|
 one writes "On one russian nuke site in the forum I see one interest post about securety protection and one man post one interest link:
your site//modules.php?name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20--
I try check in my site this link and I get admin password in DB format. I think if get password no problem to decode it in redable format. I check this link on nukecops portal system.
Sorry for bad english.
Admin Note: This has been reported to us and I cannot replicate it."
|
|
Posted on Thursday, January 15 @ 12:33:46 CET by Zhen-Xjell |
|
|
|
|
| |
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Dangerous bug or not?!!!! (Score: 1)
by georgiaguy on Thursday, January 15 @ 13:01:56 CET
(User Info | Send a Message) | | even if they could get the password from the DB, it's been encoded via md5, which is a "one way" function. once it's been encoded, it can't be decoded (that's why when a user loses their password in PHPNuke, the system has to generate a new one, and not just pull it from the DB and decode it). |
| | | | |
Re: Dangerous bug or not?!!!! (Score: 1)
by judas (judas_iscariote@piscola.com) on Thursday, January 15 @ 17:16:30 CET
(User Info | Send a Message) | this "bug" has been fixed a long time ago..and the hack
your site//modules.php?name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20--
only affects you..if you have mysql 4.x (UNION its not implemented on mysql 3.x)
for patch..see nukecops cvs.
|
| | | | | |
|
