Bug Fix: Sec-Fix Patch SFP
Security patch for PHP-Nuke 7.0 and 7.1 designed to secure the Reviews, Search, Sections and Surveys modules against a vulnerability being exploited in the same fashion the Downloads and Web_Links modules were compromised a while back. In the case of the Reviews module, you can help secure it by following a tip by Raven: find the 2 instances of where id=$id and change them to where id = '$id'

Downloads: PHP-Nuke 6.5 - 6.9 - PHP-Nuke 7.0 - PHP-Nuke 7.1

Admin Note: The index.php file was already patched in the Nuke Cops CVS PHP-Nuke Bundle last year: here. Those running this release are OK.
Posted on Thursday, February 05 @ 00:54:20 CET by [RETIRED]chatserv
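
Why Raven's quoting tip changes the query, shown as an added example that is not code from PHP-Nuke or the Sec-Fix patch. Assumptions: in-memory SQLite through PDO stands in for MySQL, the reviews table is reduced to two columns, the function names and sample inputs are constructed, and the third function is a stricter variant that goes beyond the tip.

```php
<?php
// Added example: constructed table and inputs. In-memory SQLite through PDO
// stands in for PHP-Nuke's MySQL backend so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO reviews (id, title) VALUES (1, 'First'), (2, 'Second'), (3, 'Third')");

// Before the tip: $id is pasted in as bare SQL, so whatever it contains is
// parsed as part of the WHERE clause.
function titles_unquoted(PDO $pdo, string $id): array
{
    $sql = "SELECT title FROM reviews WHERE id=$id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After the tip: $id sits inside a string literal (where id = '$id').
// This holds only while quote characters in $id are escaped; PDO::quote()
// adds the surrounding quotes and does that escaping here.
function titles_quoted(PDO $pdo, string $id): array
{
    $sql = 'SELECT title FROM reviews WHERE id = ' . $pdo->quote($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant (goes beyond the tip): digits only, then a bound parameter,
// so the value is never parsed as SQL at all.
function titles_strict(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT title FROM reviews WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and a value that is not a plain number.
foreach (['2', '0 OR 1=1'] as $id) {
    printf(
        "id=[%s] unquoted=%d quoted=%d strict=%d row(s)\n",
        $id,
        count(titles_unquoted($pdo, $id)),
        count(titles_quoted($pdo, $id)),
        count(titles_strict($pdo, $id))
    );
}
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension.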
 
Re: Sec-Fix Patch SFP (Score: 1)
by foxyfemfem on Thursday, February 05 @ 10:17:55 CET
Hello CS,

Is there a changelog file for the SF? My website is GT and I can't afford to copy over the files without losing the GT stuff. Can you add a changelog so I can manually apply the fixes?



Re: Sec-Fix Patch SFP (Score: 1)
by Johan1982 on Thursday, February 05 @ 12:55:08 CET
Nuke 6.0 also has those vulnerabilities?



Re: Sec-Fix Patch SFP (Score: 1)
by Zhen-Xjell on Thursday, February 05 @ 14:51:08 CET
http://castlecops.com
I suggest that this code, which is similar to the one I wrote for the admin.php exploit, be placed into the mainfile.php. If you notice, in most modules mainfile.php is typically called before header.php. Why let Apache process more pages than it's worth if it's a hack? Let mainfile.php stop it quicker. Saves on performance for high volume sites.


Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)