Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
izone
Involved
Involved


Joined: Sep 07, 2004
Posts: 354
Location: Sweden

PostPosted: Mon Sep 19, 2005 4:28 am Reply with quote

Hi

I've got a new Exploit for Nuke 7,8 but I don't know:

- if it works even with last ver. of Sentinel and patch 3,1

- Who and where can I send it to look at it.

The person who send me this call himself a Hacker. He "just wanted to help me and other about this brand new Exploit" !!!

I don't wana send it here of security reason. Who shall I send it to?

Thanks!
 
View user's profile Send private message
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Mon Sep 19, 2005 9:22 am Reply with quote

Does it still work after applying this? Only registered users can see links on this board! Get registered or login!

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
izone
PostPosted: Mon Sep 19, 2005 9:36 am Reply with quote

I don't know. I hope some of moderator or Raven could have look at it.
 
technocrat
PostPosted: Mon Sep 19, 2005 9:41 am Reply with quote

I pay pretty close attention to hacker websites and watch what the script kiddies are up to. To my knowledge the only exploit out there is fixed by what I posted. Though Sentinel (if configured correctly) should stop any Union attacks.
 
izone
PostPosted: Mon Sep 19, 2005 10:02 am Reply with quote

I'll send you link to this one u can see what it is. thanks.
 
technocrat
PostPosted: Mon Sep 19, 2005 10:07 am Reply with quote

If you feel comfortable sending it to me, I would be happy to take a look it and see what the deal is.
 
izone
PostPosted: Mon Sep 19, 2005 10:12 am Reply with quote

Sent it by pm.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Mon Sep 19, 2005 10:39 am Reply with quote

Please send it to me also. Thanks!
 
View user's profile Send private message
technocrat
PostPosted: Mon Sep 19, 2005 10:54 am Reply with quote

Yeah that's the hack that should be fixed by the post I gave out. Also it should be picked up by Sentinel since its using a standard UNION exploit.
 
izone
PostPosted: Mon Sep 19, 2005 11:29 am Reply with quote

Raven, I sent it to you too.

Please let us know if it is something to be worry about.
 
izone
PostPosted: Mon Sep 19, 2005 11:31 am Reply with quote

Acctuelly I don't know the person who sent this to me. He maybee is just a script kiddie. But I had to take it up here to be sure.
 
Raven
PostPosted: Mon Sep 19, 2005 2:16 pm Reply with quote

NukeSentinel should stop that w/o any problems at all Smile
 
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

PostPosted: Mon Sep 19, 2005 5:04 pm Reply with quote

there are more ways to exploit a database and one of them is by using "no-break spaces" these spaces are not the binary code \x20 but are \xA0 and since most systems don't check on the \xA0 a security issue is born.
 
View user's profile Send private message Visit poster's website
Quake
New Member
New Member


Joined: Feb 02, 2005
Posts: 12

PostPosted: Mon Sep 26, 2005 11:43 am Reply with quote

djmaze wrote:
there are more ways to exploit a database and one of them is by using "no-break spaces" these spaces are not the binary code \x20 but are \xA0 and since most systems don't check on the \xA0 a security issue is born.


Is there a way to check that? Is it a script issue or a real php issue.
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©