You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 437 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
PHP-Nuke Vulnerability! Get your fix NOW!
SecurityQuake writes "A security issue with PHP-Nuke has been found in admin.php. This issue allows to add GOD admins easily to the admin. Bug reported to us by PeNdEjO (thanks a lot).

I quickly made a fix and chatserv updated the packages. Its recommended that you get Nuke Patched 3.1 as quick as possible to avoid your site being hacked.

This issue does NOT affect NukeSentinel users or users that have a HTTP Authenticate check on their admin.php

Again, thanks to PeNdEjO

Manual changes also available at nukefixes.com

Admin Note: Good catch!"
Posted on Saturday, July 30 @ 06:47:12 CEST by VinDSL
 
Related Links
· Computer Cops
· More about Security
· News by VinDSL


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 5
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: PHP-Nuke Vulnerability! Get your fix NOW! (Score: 1)
by Quake on Saturday, July 30 @ 06:50:19 CEST
(User Info | Send a Message)
Well the GET method of AddAuthor was blocked, but not the post method. They did this with a remote form. Never thought of myself :P


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.065 Seconds - 188 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::