Login or Register  • Home • Downloads • Your Account • Forums •

Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in Recent UNION exploit with unpatched sites and NukeSentinel View next topic View previous topic   Web RavenPHPScripts (This Site)      Ravens PHP Scripts And Web Hosting Forum Index » NukeSentinel(tm) Author Message Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 15315 Location: Kansas Posted: Tue Dec 13, 2005 11:30 pm Nuke Platinum sites and regular phpnuke site are being exploited with a variation of an old exploit that was fixed in Patch Level 3.x and possibly even 2.9. Using a specially crafted url and the UNION modifier, your admin password, in md5 hashed code, can be exposed. The fact that many people use common dictionary words, this information can be used to easily get admin access to your site. Now for this to happen, you would need to be running a version of phpnuke that is not patched current. NukeSentinel(tm) becomes an accomplice to this because the URL was bypassing the filters in NukeSentinel(tm). Actually, the filters are in there, they just weren't working correctly. With the following fix you should not have to worry. It should also be noted that if you are using NukeSentinel's Admin Auth protection and you have taken our advice and not kept the passwords the same, even if they guess your nuke password they still can't get past NukeSentinel(tm). That's a safety net but not the full soultion. I've tested this and it should close many holes that the kiddies never spotted . I am posting it here and in a separate post of its own. My thanks to Technocrat for staying on my case about this Edit includes/nukesentinel.php file, FIND function st_clean_string($cleanstring) { AFTER ADD $cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring); Should Now Look Like function st_clean_string($cleanstring) { $cleanstring = str_replace($cleanstring,strtoupper($cleanstring),$cleanstring); Please note that users of RavenNuke76 are not affected by this VinDSL Life Cycles Becoming CPU Cycles Joined: Jul 11, 2004 Posts: 616 Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com Posted: Wed Dec 14, 2005 1:30 am Thanks, Raven! You're doing a great job! It's odd how these security issues always comes in spurts, no? persona_non_grata Joined: Posts: 0 Posted: Wed Dec 14, 2005 5:08 am lol...it never ends huh... but ehh...c'mon guys...dont think that everybody is going to update with the 3.1 patch.... i think it would be wise to publish the vunerable parts that should be checked/patched... the majority of what i know isnt on the 3.1,but non of them were ever hacked also... thing also is that using the 3.1 chances are parts of your site wont be functional anymore.... so i think that publishing the few checkup steps would be helpfull to many... and if not,then they will end up here with a hacked site... AFaisal New Member Joined: Nov 07, 2002 Posts: 2 Posted: Wed Dec 14, 2005 5:40 am Hi, I want to get help from you. My site using php-nuke 7.9 patch 3.1 and Nukesentinel 2.4.2. I just want to make sure that my site is secure, so please let me know if you can exploit my site. Only registered users can see links on this board! Get registered or login to the forums! Regards, AFaisal Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 15315 Location: Kansas Posted: Wed Dec 14, 2005 8:25 am persona_non_grata wrote: lol...it never ends huh... but ehh...c'mon guys...dont think that everybody is going to update with the 3.1 patch.... i think it would be wise to publish the vunerable parts that should be checked/patched... the majority of what i know isnt on the 3.1,but non of them were ever hacked also... thing also is that using the 3.1 chances are parts of your site wont be functional anymore.... so i think that publishing the few checkup steps would be helpfull to many... and if not,then they will end up here with a hacked site... that's why I published the fix Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 15315 Location: Kansas Posted: Wed Dec 14, 2005 8:26 am AFaisal wrote: Hi, I want to get help from you. My site using php-nuke 7.9 patch 3.1 and Nukesentinel 2.4.2. I just want to make sure that my site is secure, so please let me know if you can exploit my site. Only registered users can see links on this board! Get registered or login to the forums! Regards, AFaisal I do not offer that 'service'. You can find all the hacks you need to test on your own by googling technocrat Involved Joined: Jul 07, 2005 Posts: 495 Posted: Wed Dec 14, 2005 10:24 am AFaisal - Applying the patch above and what you have now "should" stop most current hacks and the ones that I am watching the script kiddies mess with. Who knows what tomorrow might bring. Raven - I am glad we could agree finally I think its better for everyone diyadin2 New Member Joined: Dec 25, 2004 Posts: 1 Posted: Wed Dec 14, 2005 10:34 am Thanks Raven Mojo742 New Member Joined: Nov 03, 2005 Posts: 6 Posted: Wed Dec 14, 2005 8:46 pm I am looking to patch my site to 3.1... will i have to add the file edits for NukeSentinel again after that? AFaisal New Member Joined: Nov 07, 2002 Posts: 2 Posted: Wed Dec 14, 2005 9:18 pm I have add line above in includes/nukesentinel.php. Can someone PM me how to test injection my site ? I think this is funny if I asked you. I am not programmer, I am only user. Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 15315 Location: Kansas Posted: Wed Dec 14, 2005 9:31 pm Only registered users can see links on this board! Get registered or login to the forums! VinDSL Life Cycles Becoming CPU Cycles Joined: Jul 11, 2004 Posts: 616 Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com Posted: Thu Dec 15, 2005 3:17 am Raven wrote: http://www.zone-h.org/en/advisories/read/id=8510/ If you'll pardon the pun: "Oh, what a tangled *web* we weave, when first we practice to decieve." Ever heard the rarely mentioned second line? "But my how we improve the score, as we practice more and more." Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 15315 Location: Kansas Posted: Thu Dec 15, 2005 4:19 am How true -- how true. I have to commend felosi for his quick reaction to my response. See Only registered users can see links on this board! Get registered or login to the forums! SpaceMonkey Worker Joined: Apr 30, 2005 Posts: 170 Posted: Thu Dec 15, 2005 5:49 am Can anyone let me know the dates that the various patches have been released? I've updated a couple of times... How can I tell what version I'm running? chatserv The Mouse Is Extension Of Arm Joined: May 02, 2003 Posts: 1393 Posted: Thu Dec 15, 2005 10:18 am 12/07/04 - Version 2.8 02/15/05 - Version 2.9 04/29/05 - Version 3.0 06/24/05 - Version 3.0 For PHP-Nuke 7.8 07/28/05 - Version 3.1 3.1 had a few changes done to it shortly after it was released, if you downloaded it in the past two months then you have the latest version that is available for downloading. Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 15315 Location: Kansas Posted: Sun Dec 18, 2005 12:32 am UPDATE: The previous fix works but it was causing some links in the admin screen to not function correctly (see Only registered users can see links on this board! Get registered or login to the forums! ). So, here is yet another, not so elegant, fix that should make all yhings well again Edit includes/nukesentinel.php file FIND AND REPLACE THIS ENTIRE FUNCTION (UPDATED 12/18/2005 Code: function st_clean_string($cleanstring) {} WITH THIS Code: function st_clean_string($cleanstring) {   $st_fr1 = array("%00", "%01", "%02", "%03", "%04", "%05", "%06", "%07", "%08", "%09", "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%20", "%21", "%22", "%23", "%24", "%25", "%26", "%27", "%28", "%29", "%30", "%31", "%32", "%33", "%34", "%35", "%36", "%37", "%38", "%39", "%40", "%41", "%42", "%43", "%44", "%45", "%46", "%47", "%48", "%49", "%50", "%51", "%52", "%53", "%54", "%55", "%56", "%57", "%58", "%59", "%60", "%61", "%62", "%63", "%64", "%65", "%66", "%67", "%68", "%69", "%70", "%71", "%72", "%73", "%74", "%75", "%76", "%77", "%78", "%79");   $st_to1 = array("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y");   $st_fr2 = array("%0A", "%0B", "%0C", "%0D", "%0E", "%0F", "%1A", "%1B", "%1C", "%1D", "%1E", "%1F", "%2A", "%2B", "%2C", "%2D", "%2E", "%2F", "%3A", "%3B", "%3C", "%3D", "%3E", "%3F", "%4A", "%4B", "%4C", "%4D", "%4E", "%4F", "%5A", "%5B", "%5C", "%5D", "%5E", "%5F", "%6A", "%6B", "%6C", "%6D", "%6E", "%6F", "%7A", "%7B", "%7C", "%7D", "%7E", "%7F", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f", "%2a", "%2b", "%2c", "%2d", "%2e", "%2f", "%3a", "%3b", "%3c", "%3d", "%3e", "%3f", "%4a", "%4b", "%4c", "%4d", "%4e", "%4f", "%5a", "%5b", "%5c", "%5d", "%5e", "%5f", "%6a", "%6b", "%6c", "%6d", "%6e", "%6f", "%7a", "%7b", "%7c", "%7d", "%7e", "%7f");   $st_to2 = array("", "", "", "", "", "", "", "", "", "", "", "", "*", "+", ",", "-", ".", "/", ":", ";", "<", "=", ">", "?", "J", "K", "L", "M", "N", "O", "Z", "[", "\\", "]", "^", "_", "j", "k", "l", "m", "n", "o", "z", "{", "|", "}", "~", "", "", "", "", "", "", "", "", "", "", "", "", "", "*", "+", ",", "-", ".", "/", ":", ";", "<", "=", ">", "?", "J", "K", "L", "M", "N", "O", "Z", "[", "\\", "]", "^", "_", "j", "k", "l", "m", "n", "o", "z", "{", "|", "}", "~", "");   $cleanstring = str_replace($st_fr1, $st_to1, $cleanstring);   $cleanstring = str_replace($st_fr2, $st_to2, $cleanstring);   return $cleanstring; } phoenix-cms Worker Joined: Aug 05, 2005 Posts: 139 Posted: Sat Dec 24, 2005 3:32 am after looking into this my phpnuke that i building code name phoenix uses that same search module from nukestyles and phpnuke 7.9 filter does not seem to be affected. maybe the filter code be backported into patched? Guardian2003 Site Admin Joined: Aug 28, 2003 Posts: 5057 Posted: Sat Dec 24, 2005 9:04 am VinDSL wrote: Thanks, Raven! You're doing a great job! It's odd how these security issues always comes in spurts, no? Probably ties in with school holidays lmao Display posts from previous:   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First        Ravens PHP Scripts And Web Hosting Forum Index » NukeSentinel(tm)  Jump to:  Select a forum Read Me First!!!----------------Board Rules and Regulations Web Hosting Services----------------RWH GeneralRWH Pre Sale QuestionsRWH Client Center Application OnlyRWH OtherFAQ - PHP5 w/phpSuExec Conversion From PHP4PHP5 Conversion Issues From PHP4 RavenNuke(tm) Programming Standards/Approaches/Philosophy----------------Converting/Creating BlocksConverting/Creating ModulesConverting/Creating ThemesConverting/Creating OtherConverting/Creating General Discussion RavenNuke(tm) v2.3x----------------v2.3 RN Announcementsv2.3 RN Quick Fixesv2.3 RN Issuesv2.3 RN Documentationv2.3 RN Feedback/Suggestions Recommended Reading----------------Reading - AnnouncementsReading - Digital BooksReading - Hard/Soft cover BooksReading - Digital MagazinesReading - Printed Magazines RavenNuke(tm) Addons----------------FCKeditor/WYSIWYG IssuesnukeFeed/FeedCreatorForum Attachment ModnukeSEOShortLinks/TegoNukeNukePie/SimplePie RavenNuke(tm) v2.2x----------------RN v2.20.00 - AnnouncementsRN v2.20.00 - All IssuesRN v2.20.00 - Feedback RavenNuke(tm) v2.10.01----------------RN v2.10.01 - All IssuesRN v2.10.01 - Feedback RavenNuke(tm) v2.10.00----------------RN AnnouncementsRN FAQRN Bug FixesRN Not BugsRN Documentation Issues/SuggestionsRN Enhancement Requests and SuggestionsRN NSN Groups IssuesRN Themes IssuesRN NukeSentinel(tm) issuesRN Installer/Setup IssuesRN Bug Reports - Other IssuesRN Conversion Issues From v2.02RN Conversion Issues From Standard phpNukeRN The Good, The Bad, The Ugly Site Specific Stuff----------------READ ME FIRSTAnnouncementsRaven's v7.0 Customized DistroHack Attempt ScriptRaven's Customized Distribution PacksBUGS/FIXES - Raven's v7.3 Customized DistroCache Lite Admin ModuleNuke Tool Box (TM)Captcha SecurityRaven's RavenNuke(tm) v1.x DistroRaven's RavenNuke(tm) v2.00.00 - v2.02.00 DistroWYSIWYG - Raven's RavenNuke(tm) v2.x DistroUpgrade Pack For RavenNuke(tm) v1.05.00 to v2.02.00Raven's Collapsing Forums BlockGT - Raven's RavenNuke(tm) v2.x DistroRaven's RavenNuke(tm) v2.02.02 DistroPost Fixes - Raven's RavenNuke(tm) v2.02.02 DistroRaven's RavenNuke(tm) v2.10.00Public Testing of RavenNuke(tm) v2.10.00HtAccesser Security----------------Security - PHP NukeSecurity - OtherNukeSentinel(tm) v2.6.xNukeSentinel(tm) v2.5.xNukeSentinel(tm) v2.4.xNukeSentinel(tm)NukeSentinel(tm) Bug ReportsNukeSentinel(tm) Enhancement RequestsNukeSentinel(tm) AnnouncementsEasy IP Ban Reference [eC-IPBR]PHP-Nuke Patched Series By Chatserv Information About Forums----------------Old Forum EntriesPHPBBBB2NukePunBB PHP-Portal Project (Not General phpnuke!)----------------AnnouncementsGeneral - PHP Portal ProjectDevelopersDesign Discussions Scripts - General----------------Post Release FixesBug FixesGeneral/Other StuffHow To'sInstallation HelpPost Installation HelpGT - Next Gen and StandardSeeking applications ...ThemesBlocksModulesMaking Nuke Efficientphpnuke 8.1phpnuke 8.0phpnuke 7.9phpnuke 7.8phpnuke 7.7phpnuke 7.6phpnuke 7.6 Bugs/Fixesphpnuke 7.5phpnuke 7.4phpnuke 7.3phpnuke 7.2phpnuke 7.1phpnuke 7.0phpnuke 6.9phpnuke 6.8Bug Fixes for phpnuke 6.5phpnuke 6.5Gallery/Gallery2CNB Your AccountM2FBrowser Specific IssuesUpgrading NukeNuke Treasury Other CMS/Portal Applications----------------Post NukeNuke PlatinumNuke Evolution PHPBB----------------Stand Alonew/Nuke 6.5w/Nuke 6.9BBtoNuke ModsBBtoNuke General Programming - Server Help----------------PHPMySQLFor HireApacheHTMLCSSJavaScriptServer Help Guestbook Application (KISGB)----------------KISGB General Support Stock Quote Application (KISSQ)----------------KISSQ General Support NSN Scripts----------------NSN NewsNSN GroupsNSN OtherNSN Gr Downloads - a.k.a NukeDepository 6.5 Hacks----------------Old Articles Hack Nuke News Module Hack To Allow Ordering of Articles----------------News Module Hack - AnnouncementsNews Module Hack - BugsNews Module Hack - Enhancement RequestsNews Module Hack - Discussion Other Stuff----------------Other - DiscussionOther - Sites To VisitOther - Chit ChatOther - PoliticsOther - Movie ReviewsOther - The Wastelands of NukeworldOther - Book ReviewsOther - Humor Religion----------------Religion - GeneralPrayer/Praise Requests Potpourri----------------Rants & Raves Guest Editorials----------------My Turn - James R. Sanders  View next topic View previous topic You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Forums ©

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file



Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.


:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
:: :: ::

zerosum