Ravens PHP Scripts: Forums
 

 

VinDSL
Posted: Wed Mar 08, 2006 3:12 am

Here's a weird one for you: Only registered users can see links on this board! Get registered or login!

Just happened to run across it while I was searching for the latest PHP-Nuke vulns...

When did this start?

For example, type 'PHP-Nuke 6.0 Final' in the search box and see what comes up.

Interesting, yes?

montego
Posted: Wed Mar 08, 2006 5:32 am

hhmmm... that is interesting indeed. It would be great if we knew which ones have been addressed via patches. Obviously, NukeSentinel will stop some of these, but, of course, it's always better to have better written code!

evaders99
Posted: Wed Mar 08, 2006 9:12 am

Wow - pretty comprehensive set of links... SecurityReason, SecurityFocus, Secunia. Good to know they aren't missing out, and it helps us tremendously by all the cross-posted issues into one item. Good on their descriptions too.

Time to get cracking.

evaders99
Posted: Wed Mar 08, 2006 10:44 am

I went through all the latest reports. I'm surprised, one report even got linked back to NukeFixes.
Here's one fix - Only registered users can see links on this board! Get registered or login!

Others seem to be correct in the Patched, except for this one Only registered users can see links on this board! Get registered or login!

It is a flawed code from concept. I'm not sure exactly how to correct it - the CAPTCHA code is something I'm not too familiar with. How do other systems manage to maintain a randomization that is designed to be used once?
 
VinDSL
Posted: Wed Mar 08, 2006 5:13 pm

evaders99 wrote:
Time to get cracking...

LoL! And, Raven says my puns are getting bad...
 
VinDSL
Posted: Wed Mar 08, 2006 5:25 pm

Hrm...

I wonder if cowboy knows about this one:
Only registered users can see links on this board! Get registered or login!

I don't see a link to his site in the summary...

[edit] Nevermind! I see it's been patched in CVS. [/edit]
 
Raven
Posted: Wed Mar 08, 2006 5:53 pm

evaders99 wrote:
I went through all the latest reports. I'm surprised, one report even got linked back to NukeFixes
Here's one fix - Only registered users can see links on this board! Get registered or login!

Others seem to be correct in the Patched, except for this one Only registered users can see links on this board! Get registered or login!

It is a flawed code from concept. I'm not sure exactly how to correct it - the CAPTCHA code is something I'm not too familiar with. How do other systems manage to maintain a randomization that is designed to be used once?

Nuke doesn't really use a captcha. That would be FAR beyond FB's ability and he just hasn't found one to steal yet. You are correct in the fact that it is a foundational flaw and the only way to correct it is to reconstruct.
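On the question raised above of how a challenge value can be made to work only once: a common approach is to keep the expected answer server-side under a random handle and delete it on the first verification attempt. The sketch below is an added example, not code from PHP-Nuke, NukeSentinel or phpBB; the function names, the `$store` array (standing in for `$_SESSION`) and the 300-second lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: single-use challenge store. $store stands in for $_SESSION
// (or any server-side store); all names here are hypothetical.

const CHALLENGE_TTL = 300; // assumed lifetime of a challenge, in seconds

function issue_challenge(array &$store, ?int $now = null): array
{
    $now = $now ?? time();
    $id = bin2hex(random_bytes(16));            // unguessable handle sent to the client
    $answer = '';
    for ($i = 0; $i < 6; $i++) {
        $answer .= (string) random_int(0, 9);   // CSPRNG digits, shown to the user only as an image
    }
    // The answer is kept server-side; it is never derived from client-supplied values.
    $store['challenges'][$id] = ['answer' => $answer, 'expires' => $now + CHALLENGE_TTL];
    return ['id' => $id, 'answer' => $answer];  // 'answer' is for the image renderer only
}

function verify_challenge(array &$store, string $id, string $submitted, ?int $now = null): bool
{
    $now = $now ?? time();
    $entry = $store['challenges'][$id] ?? null;
    unset($store['challenges'][$id]);           // consume on the first attempt, pass or fail
    if ($entry === null || $now > $entry['expires']) {
        return false;                           // unknown, already used, or expired
    }
    return hash_equals($entry['answer'], $submitted); // constant-time comparison
}

// Constructed demonstration: the same id/answer pair is submitted twice.
$session = [];
$c = issue_challenge($session);
var_dump(verify_challenge($session, $c['id'], $c['answer'])); // first submission
var_dump(verify_challenge($session, $c['id'], $c['answer'])); // replay of the same pair
```

Because the entry is removed before the comparison, a wrong guess also burns the challenge, so each image allows exactly one attempt.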
evaders99
Posted: Wed Mar 08, 2006 10:15 pm

Aye.. time to steal from phpBB?
 
guidyy
Posted: Wed Mar 08, 2006 11:32 pm

not to be the devil's advocate, but, about security, phpBB coding ain't this great.....
guido
 
All times are GMT - 6 Hours
 