Bugtraq mailing list archives
Fwd: Re: phpnuke, security problem...
From: Joao Gouveia <tharbad () kaotik org>
Date: Mon, 12 Feb 2001 11:07:15 -0000
Hi, Due to this reply, i see no reason to delay this. No patch nor new version has been released, for a quick fix, see below. Regards, Joao Gouveia ------------ tharbad () kaotik org Francisco Burzi <fburzi () ncc org ve>
Joao Gouveia wrote:Helo Francisco, There is yet another security flaw with the new phpnuke version. Look here: <quote opendir.php> (...) $REQUEST_URI = strip_tags($REQUEST_URI); $res = explode("$PHP_SELF?", $REQUEST_URI); $odp_cat = $res[1]; if (substr($odp_cat,0,1) == "/") $odp_cat = substr($odp_cat,1); (define $requesturl) (...) </quote> So, you're defining $requesturl based on something like /folder/page just after the call to opendir.php. This is no good, one can simply just don't suply a '/' as the first
argument,
thus allowing to assign our own $requesturl. Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd A simple quick fix would be initiating $requesturl anywhere in the
begining
of the script. <quote> $requesturl=""; </quote> Best regards Joao Gouveia ------------ tharbad () kaotik orgYeah... but just say to me what can you do with a passwd file? just nothing. The important file isn't passwd, is /etc/shadow, right? and you get permission denied on that file... IF you get it you'll need a supercomputer to crack md5 passwords. Just my thoughts. /etc/passwd had problems in the past where crypted passwords was stored in, but now that problem is no more. Best Regards! ============================================= ____ _ _ ____ _ _ _ | _ \| | | | _ \ | \ | |_ _| | _____ | |_) | |_| | |_) | __ | \| | | | | |/ / _ \ | __/| _ | __/ |__|| |\ | |_| | < __/ |_| |_| |_|_| |_| \_|\__,_|_|\_\___| ============================================= Francisco Burzi (NuKeLiTe) fburzi () ncc org ve PHP-Nuke.............................NukeNews http://phpnuke.org http://nukenews.com =============================================
-- Joao Gouveia ------------ tharbad () kaotik org
Current thread:
- Fwd: Re: phpnuke, security problem... Joao Gouveia (Feb 12)
- Re: Fwd: Re: phpnuke, security problem... Peter van Dijk (Feb 12)
- Re: Fwd: Re: phpnuke, security problem... Thomas J. Stensas (Feb 13)
- Re: Fwd: Re: phpnuke, security problem... sam mulvey (Feb 13)
- Re: Fwd: Re: phpnuke, security problem... Peter van Dijk (Feb 12)