
Re: PHP-Nuke Security GFX Mapping - Potential Risk (Score: 1)
by Zhen-Xjell on Thursday, February 12 @ 17:47:54 CET
(User Info | Send a Message) http://castlecops.com
If you take a more in-depth look at the code:

$rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));

mt_rand is not being used at this point to generate the actual security code. It is only the beginning point.

From the $rcode, the following is extracted:

$code = substr($rcode, 2, 6);

$code is what gets sent back as the security code value.

So you see, the $random_num has already been generated. Which means if you refresh the link in the article several times or hundreds of times today without changing your user agent, you will see the same security code value over and over again:

http://googletap.com/modules.php?name=Your_Account&op=gfx&random_num=604071

You can remove the $sitekey and the number will of course be different. But that number will also remain the same as I described above.

Which means under my specific conditions, the random_num 60407 equals 588529 for today's date with the Nuke Cops secret sitekey.

Please ensure you understand how the code works, because your explanation is not correct.

As to the annoying warning in analyzer, it is especially meant to be just that. Its purpose is not to fix any issues, but to alarm the owner of those that exist.

With that said, what have you done to help improve the security holes and issues in the PHP-Nuke community?


| Parent
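
The derivation described in the comment above, as an added example that is not part of the original post and not PHP-Nuke's own code. It wraps the two quoted expressions in a hypothetical function `gfx_code()` and shows that the result depends only on its four inputs. The site key, the user agent strings and the `date('F j')` format for `$datekey` are assumptions made for the illustration.

```php
<?php
// Added illustration; gfx_code() is a hypothetical wrapper around the two
// expressions quoted in the comment, not a function from PHP-Nuke.
function gfx_code(string $userAgent, string $sitekey, string $randomNum, string $datekey): string
{
    // md5() returns 32 hex digits. hexdec() of a value that large overflows
    // to a float, which PHP renders as a string like "d.ddddddddddddE+38".
    $rcode = hexdec(md5($userAgent . $sitekey . $randomNum . $datekey));

    // Offset 2 skips the leading digit and the decimal point, so the code
    // is six digits taken from the mantissa of that float.
    return substr((string) $rcode, 2, 6);
}

// Constructed sample inputs (assumptions, not values from a real site).
$ua      = 'ExampleBrowser/1.0';      // made-up user agent
$sitekey = 'PLACEHOLDER-SITEKEY';     // stands in for the secret site key
$datekey = date('F j');               // assumed format for "today's date"
$num     = '604071';                  // random_num as it appears in the URL above

// Two "requests" with identical inputs: no server-side state is involved,
// so the security code is the same each time.
$first  = gfx_code($ua, $sitekey, $num, $datekey);
$second = gfx_code($ua, $sitekey, $num, $datekey);
printf("request 1: %s\n", $first);
printf("request 2: %s\n", $second);
printf("identical: %s\n", var_export($first === $second, true));

// Changing any one input changes the hash input and therefore the code.
printf("other user agent: %s\n", gfx_code('OtherBrowser/2.0', $sitekey, $num, $datekey));
printf("sitekey removed:  %s\n", gfx_code($ua, '', $num, $datekey));
printf("different date:   %s\n", gfx_code($ua, $sitekey, $num, 'January 1'));
```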