 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 342 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
Security: PHP-Nuke SQL Injection Vulnerability Fix |
|
 Due to the number of recent attacks to PHP-Nuke websites and the confusion generated by multiple workarounds being offered i have decided to place all security related fixes together and packed according to Nuke version, to apply simply upload the files so that they replace your current ones, make sure you download the correct one for your version of PHP-Nuke.
PHP-Nuke 6.0
PHP-Nuke 6.5
PHP-Nuke 6.6-6.9
PHP-Nuke 7.0
Admin Note: Update - Had to reupload the files, seems the wrong ones were uploaded earlier so download again if you downloaded earlier, sorry for the inconveniences.
|
|
Posted on Wednesday, October 15 @ 18:09:29 CEST by [RETIRED]chatserv |
|
|
|
|
| |
|
Average Score: 1
Votes: 2
|
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: PHP-Nuke SQL Injection Vulnerability Fix (Score: 1)
by CrazyDog1 on Wednesday, October 15 @ 18:14:25 CEST
(User Info | Send a Message) http://crazydogsworld.com | Awesome Job! This will help bring down alot of the confusion! ;)
ChatServ for PRESIDENT! |
| | | | |
Re: PHP-Nuke SQL Injection Vulnerability Fix (Score: 1)
by intel352 on Wednesday, October 15 @ 21:41:27 CEST
(User Info | Send a Message) http://www.nukebbmods.net | erm, in admin.php, the login function, the variable $gfx_chk is called globally...
isn't $gfx_chk a 6.9 specific function? so because $gfx_chk is called (and is included in an IF statement), any site that does not have that variable will not have the security code displayed for logins
am i correct? |
| | | | |
Re: PHP-Nuke SQL Injection Vulnerability Fix (Score: 1)
by intel352 on Wednesday, October 15 @ 21:48:00 CEST
(User Info | Send a Message) http://www.nukebbmods.net | | banners.php -> variable $impmade is created too soon (line 44). the sql call that it is created for, is not where it's value is retrieved (that occurs later in the script) |
| | | | |
Re: PHP-Nuke SQL Injection Vulnerability Fix (Score: 1)
by intel352 on Wednesday, October 15 @ 21:54:10 CEST
(User Info | Send a Message) http://www.nukebbmods.net | | in many places, you have used intval[] instead of intval() (many places in banner.php, haven't noticed it in other files just yet) |
| | | | |
Re: PHP-Nuke SQL Injection Vulnerability Fix (Score: 1)
by judas (judas_iscariote@piscola.com) on Wednesday, October 15 @ 22:31:01 CEST
(User Info | Send a Message) | chatserv..great work...but..
the 6.0 mainfile.php is still vulnerable
add the...
foreach ($HTTP_POST_VARS as $secvalue) {
AND BLA BLA..
and the fix for the checkhtml function..
BYE..AND THANK YOU VERY MUCH |
| | | | |
Re: PHP-Nuke SQL Injection Vulnerability Fix (Score: 1)
by strange on Thursday, October 16 @ 22:28:09 CEST
(User Info | Send a Message) | I installed these patches for 6.9 and now i cant get to my submissions for some reason (http://www.mysite.com/admin.php?op=submissions) any ideas on what i may have goofed up?
|
| | | | | |
|
