Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
daftandhungry
New Member
New Member



Joined: Dec 30, 2008
Posts: 14

PostPosted: Fri Nov 05, 2010 4:40 am Reply with quote

Hey all.

A friend of mines site was just hacked tonight. He was using mybb and they wiped it and had just installed php-nuke platinum and they just took that down as well. He sent me this if it means anything to you security gurus.

Referer: none
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.12) Gecko/20101026 AskTbCS2/3.9.1.14019 Firefox/3.6.12 (.NET CLR 3.5.30729)
HTTP Host: [ Only registered users can see links on this board! Get registered or login! ]
Script Name: /forums/modules.php
Query String: name=Forums&file=search&mode=results
Get String: name=Forums&file=search&mode=results
Post String: search_keywords=<script>alert(bad_tag);</script>&search_terms=any&search_author=<script>alert(bad_tag);</script>&search_forum=-1&search_time=0&search_fields=all&search_cat=-1&sort_by=0&sort_dir=DESC&show_results=topics&return_chars=200
Forwarded For: none
Client IP: none
Remote Address: 74.63.112.138
Remote Port: 60572
Request Method: POST

Is this an old exploit that can still be used on platinum or is it something new as sentinel didn't stop it.

If it is platinum problem is ravennuke vulnerable to these exploits as well?


Thanks.

Regards,

Scott
 
View user's profile Send private message
spasticdonkey
RavenNuke(tm) Development Team



Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Fri Nov 05, 2010 6:48 am Reply with quote

Do you know what version of phpbb was included with php-nuke platinum? When was php-nuke platinum last released? There were some known exploits to the forums search code, I going to guess your friend was using an old version of phpbb... but can't say for sure as I have no familiarity with php-nuke platinum.
 
View user's profile Send private message Visit poster's website
hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm



Joined: Aug 13, 2009
Posts: 1122

PostPosted: Fri Nov 05, 2010 6:50 am Reply with quote

Hi, I don't think those codes were causing anything because I just tested and I got blockated with NSentinel. This could be another secutity issue in platinum.


Quote:
=<script>alert(bad_tag);</script>&search_terms=any&search_author=<script>alert(bad_tag);</script>&search_forum=-1&search_time=0&search_fields=all&search_cat=-1&sort_by=0&sort_dir=DESC&show_results=topics&return_chars=200
 
View user's profile Send private message
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Fri Nov 05, 2010 7:43 am Reply with quote

Because they hacked mybb and now Nuke Platinum I suspect they might have a back door to the server. I would change all the password to cPanel, FTP etc.

You should be safe with RavenNuke. Wink
 
View user's profile Send private message
daftandhungry







PostPosted: Fri Nov 05, 2010 1:17 pm Reply with quote

Thanks for the replies guys.

I'm unsure what version of platinum it was, it was a recent install (2 or 3 days) and only just downloaded then so I am guessing it was whatever the latest version is that is available.

I use RN myself and am confident in it.

I posted this just in case it was something new. I'm trying to convince him to use RN but at the end of the day it is his site. I just don't want to see him consistently lose his site to people with nothing better to do.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©