Raven (Site Admin/Owner)
Joined: Aug 27, 2002; Posts: 17088
Posted: Tue Oct 14, 2003 1:16 pm
To fix the admin.php security exploit, you need to edit admin.php. Your beginning code in admin.php will look something like this:

Code:
<?php
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
require_once("mainfile.php");
get_lang(admin);

Modify it to look like this:

Code:
<?php
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
// Message shown to anyone whose request is refused; change the text as you like.
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
// PHP 4.1.0 and later expose $_SERVER; older releases need getenv().
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
// Refuse any request whose URI contains "?admin" before the admin code runs.
if (preg_match("/\?admin/", "$checkMyUrl")) {
    require_once("mainfile.php");
    include("header.php");
    OpenTable();
    echo $nastyGram;
    CloseTable();
    include "footer.php";
    die();   // stop here so nothing below this block is reached
}
require_once("mainfile.php");
get_lang(admin);

The $nastyGram variable can be modified to be whatever you want it to be. You could display a message and then relocate them to the FBI page for something novel.

blith (Client)
Joined: Jul 18, 2003; Posts: 977
Posted: Tue Oct 14, 2003 2:18 pm
This is nice!! Can we check to see if it is working somehow?

Raven
Posted: Tue Oct 14, 2003 2:25 pm
The exploit was being accessed through code like this. I will only give enough to allow you to test - don't want to publish more than that here.

http://yoursite.com/admin.php?admin=blahblah

That should be enough to test it.

blith
Posted: Tue Oct 14, 2003 2:30 pm
Oh okay, thanks... thanks for being on the lookout, Mr. Raven!!

fury (Worker)
Joined: Sep 09, 2003; Posts: 165
Posted: Tue Oct 14, 2003 2:35 pm
Hehehehehe, works great, thanks Raven.

mattomus (New Member)
Joined: Aug 01, 2003; Posts: 5
Posted: Wed Oct 15, 2003 12:41 pm
Great work!
Is there a way to perhaps PM or e-mail the admin(s) when this message is displayed, so they can manually or automatically take corrective action?

Raven
Posted: Wed Oct 15, 2003 1:11 pm

Frogger (Worker)
Joined: Oct 06, 2003; Posts: 108
Posted: Wed Oct 15, 2003 3:16 pm
Kewl. Works great!

mattomus
Posted: Thu Oct 16, 2003 12:58 am
Oops, I said admin(s); what I meant to say is that a site administrator who has just had this exploit, or one like it, run on her/his patched site by someone other than himself/herself could probably benefit from knowing about the incident sooner rather than later.
For instance, it might be useful for that site administrator to be notified via e-mail or instant message with the connection information and details of visitors that have been presented with the $nastyGram on their site(s). In this way they could manually take action, if that was what they wanted to do.
Another idea that comes to mind is the following:
If the IP address of the visitor that has been presented with the $nastyGram is not equal to that of the true site administrator, then the IP address of that visitor might be automatically banned?
I do not have the skills required to implement the above ideas at this time, I am just thinking out loud.
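The URI test from Raven's patch and the notification/ban ideas in the post above, carried into an offline log check (added example, not code from the thread or from PHP-Nuke). It assumes Apache-style combined access logs and an administrator IP allowlist; the log lines and addresses are constructed.

```python
"""Detect PHP-Nuke admin.php '?admin=' probes in access logs (added example).

Applies the test from Raven's patch (a request to admin.php carrying an 'admin'
query parameter) to server log lines, collects the connection details mattomus
asked for, and leaves the administrator's own addresses out of the ban list.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" format: ip ident user [time] "METHOD uri proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_admin_param_probe(request_uri):
    """True when the request targets admin.php with an 'admin' query parameter.
    The patch uses preg_match('/\\?admin/') on REQUEST_URI; checking the parsed
    query string instead does not depend on 'admin' being the first parameter."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith("admin.php"):
        return False
    return "admin" in parse_qs(parts.query, keep_blank_values=True)

def scan_log(lines, admin_ips):
    """Return (hits, ban_candidates): flagged requests as dicts, and a
    {ip: count} map of flagged addresses that are not on the admin allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_admin_param_probe(m["uri"]):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "uri": m["uri"], "status": m["status"]})
    counts = Counter(h["ip"] for h in hits)
    return hits, {ip: n for ip, n in counts.items() if ip not in admin_ips}

def format_alert(hits):
    """Plain-text body for the e-mail or PM notification suggested in the thread."""
    out = ["admin.php probe(s) detected:"]
    out += [f"  {h['time']}  {h['ip']}  {h['uri']}  -> {h['status']}" for h in hits]
    return "\n".join(out)

# Constructed sample log using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2003:13:20:01 -0500] "GET /admin.php?admin=blahblah HTTP/1.1" 200 1532',
    '192.0.2.10 - - [14/Oct/2003:13:20:05 -0500] "GET /admin.php?op=x&admin=blahblah HTTP/1.1" 200 1532',
    '198.51.100.7 - - [14/Oct/2003:14:25:11 -0500] "GET /admin.php?admin=blahblah HTTP/1.1" 200 1532',
    '198.51.100.7 - - [14/Oct/2003:14:26:02 -0500] "GET /admin.php HTTP/1.1" 200 8817',
    '203.0.113.5 - - [14/Oct/2003:14:30:43 -0500] "GET /modules.php?name=Forums&admin=1 HTTP/1.1" 200 20411',
]
ADMIN_IPS = {"198.51.100.7"}  # the site administrator running the test URL on their own site

if __name__ == "__main__":
    hits, to_ban = scan_log(SAMPLE_LOG, ADMIN_IPS)
    print(format_alert(hits))
    print("ban candidates:", to_ban)  # {'192.0.2.10': 2}
```

The administrator's own test request is reported in the alert but excluded from the ban candidates, which is the self-ban case southern describes later in the thread.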

Frogger
Posted: Thu Oct 16, 2003 8:00 am
The Protector 1.13b mod can help with that.
You can find it at [link visible to registered members only].
It protects admin IPs and you can also assign members to the protection.
It autobans and gives you the option to add more, tracks IPs, who/where online, how long, reverse lookup, etc.

mattomus
Posted: Thu Oct 16, 2003 3:40 pm
Thanks for the tip Frogger, this looks great! Is there a mod available for 1.13b?

Frogger
Posted: Thu Oct 16, 2003 9:40 pm
mattomus wrote:
> Thanks for the tip Frogger, this looks great! Is there a mod available for 1.13b?

I just woke up, so the ole grey cells aren't fully functional at the moment, so . . .
Not sure what you mean. Sounds like you found the site and the mod.
If you're not in a hurry to get Protector, you should wait until 1.14b is available sometime this week.

mattomus
Posted: Fri Oct 17, 2003 10:28 am
I will wait for 1.14b.
Thank you.

Frogger
Posted: Tue Oct 21, 2003 7:50 am
What is the difference between these two fixes to the admin.php? Is all that stuff in the other code really necessary to fix the problem being addressed?

Your fix:

Code:
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
    require_once("mainfile.php");
    include("header.php");
    OpenTable();
    echo $nastyGram;
    CloseTable();
    include "footer.php";
    die();
}
require_once("mainfile.php");
get_lang(admin);

Fix posted at the other site:

Code:
$checkmyurl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkmyurl")) {
    echo "die";
    exit;
}
require_once("mainfile.php");
get_lang(admin);
function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix;
    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
    if ($first == 0) {
        $pwd = md5($pwd);
        $the_adm = "God";
        $sql = "INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')";
        $db->sql_query($sql);
        if ($user_new == 1) {
            $user_regdate = date("M d, Y");
            $user_avatar = "blank.gif";
            $commentlimit = 4096;
            if ($url == "http://") { $url = ""; }
            $sql = "INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')";
            $db->sql_query($sql);
        }
        login();
    }
}

Raven
Posted: Tue Oct 21, 2003 7:52 am
Code:
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");

You need this code at a minimum. The other is at your discretion.

Frogger
Posted: Tue Oct 21, 2003 9:36 am
As I thought.... pretty much overkill, then.
I'm using your code. Was just wondering about the other.

southern (Client)
Joined: Jan 29, 2004; Posts: 624
Posted: Fri Jan 30, 2004 3:08 pm
Frogger wrote:
> The Protector 1.13b mod can help with that.
> You can find it at [link visible to registered members only].
> It protects admin IPs and you can also assign members to the protection.
> It autobans and gives you the option to add more, tracks IPs, who/where online, how long, reverse lookup, etc.

Oh, I can attest to the efficacy of the Protector! I have it on my site and just from idle, mindless curiosity I ran Raven's snippet above and behold, I banned myself.
{ edited by admin at user's request }
Go ahead, click that link. I dare you! Now I have to figure out how to unban myself, any ideas?

Last edited by southern on Tue Aug 21, 2007 7:43 pm; edited 1 time in total

Raven
Posted: Fri Jan 30, 2004 4:06 pm
Uninstall it. It's a known bug.

southern
Posted: Fri Jan 30, 2004 5:14 pm
Raven wrote:
> Uninstall it. It's a known bug.

OK. Live and learn... I hate full moons!

gazj (Worker)
Joined: Apr 28, 2006; Posts: 152; Location: doncaster england
Posted: Mon Apr 14, 2008 11:30 pm
This exploit is now fixed in the latest Nuke patched series, so upgrade to that to fix the problem.

Raven
Posted: Tue Apr 15, 2008 1:25 am
Gazj,
Thanks for this information, but you are replying to a post that is over 4 years old. This has long since been put to rest.

gazj
Posted: Tue Apr 15, 2008 1:38 am
I know buddy, but just saying, as some people that aren't Nuke minded won't know the difference and ask a question anyways.

southern
Posted: Tue Apr 15, 2008 8:58 pm
That beats my record for oldest post replied to, lol.

Gremmie (Former Moderator in Good Standing)
Joined: Apr 06, 2006; Posts: 2415; Location: Iowa, USA
Posted: Wed Apr 16, 2008 6:57 am
gazj wrote:
> I know buddy, but just saying, as some people that aren't Nuke minded won't know the difference and ask a question anyways.

Well then you have a lot of work cut out for you with all the threads here.

sebastiaan (New Member)
Joined: Apr 27, 2009; Posts: 21; Location: The Netherlands
Posted: Sat Jul 18, 2009 1:44 am
Raven wrote:
> To fix the admin.php security exploit, you need to edit admin.php. Your beginning code in admin.php will look something like this:
>
> Code:
> <?php
> /************************************************************************/
> /* PHP-NUKE: Advanced Content Management System */
> /* ============================================ */
> /* */
> /* Copyright (c) 2002 by Francisco Burzi */
> /* http://phpnuke.org */
> /* */
> /* This program is free software. You can redistribute it and/or modify */
> /* it under the terms of the GNU General Public License as published by */
> /* the Free Software Foundation; either version 2 of the License. */
> /************************************************************************/
> require_once("mainfile.php");
> get_lang(admin);
>
> Modify it to look like this:
>
> Code:
> <?php
> /************************************************************************/
> /* PHP-NUKE: Advanced Content Management System */
> /* ============================================ */
> /* */
> /* Copyright (c) 2002 by Francisco Burzi */
> /* http://phpnuke.org */
> /* */
> /* This program is free software. You can redistribute it and/or modify */
> /* it under the terms of the GNU General Public License as published by */
> /* the Free Software Foundation; either version 2 of the License. */
> /************************************************************************/
> $nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
> $myPHPVersion = str_replace('.','',phpversion());
> if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
> else $checkMyUrl = getenv("REQUEST_URI");
> if (preg_match("/\?admin/", "$checkMyUrl")) {
>     require_once("mainfile.php");
>     include("header.php");
>     OpenTable();
>     echo $nastyGram;
>     CloseTable();
>     include "footer.php";
>     die();
> }
> require_once("mainfile.php");
> get_lang(admin);
>
> The $nastyGram variable can be modified to be whatever you want it to be. You could display a message and then relocate them to the FBI page for something novel.
Translated to Dutch:

Code:
<?php
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
$nastyGram = "<center>::<br />Dank voor het leggen van deze verbinding!<br />You Alleen je hebt nu een probleem, je ben aangemeld als hacking athempt.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
    require_once("mainfile.php");
    include("header.php");
    OpenTable();
    echo $nastyGram;
    CloseTable();
    include "footer.php";
    die();
}
require_once("mainfile.php");
get_lang(admin);

Last edited by sebastiaan on Sat Jul 18, 2009 2:32 am; edited 1 time in total