| Author |
Message |
MissVicky
New Member
Joined: Mar 23, 2004
Posts: 21
|
 Posted:
Mon Mar 29, 2004 2:48 pm |
|
Although it was not any of my php nuke sites; my web hosts did have a hacker a few weeks ago that attempted to rewrite all index pages of their web clientes.
According to them; it was a php nuke site fopen function that caused the vulnerability. They stated:
-------------------------------------------------------------------
" The version of PHP-Nuke that was compromised used a function called fopen. That function allows people to open up a file from a remote server as if it were local and execute it. When the entire data stream is controlled there should be no problem.
The problem is when user input is trust as valid for the fopen call. In that case it allows anyone who accesses the site to tell it to execute code from anywhere on the internet. Earlier versions of PHP-Nuke are notorious for not verifying user input before passing it on to the fopen call.
I'm not sure if later versions have fixed those problems however given that most people rarely upgrade their software to newer versions with security fixes even if later versions do have the fix any install which isn't running the latest code is vulnerable. "
--------------------------------------------------------------------------------
I would like to know if the newer versions are open to this vulnerability and if so; where and how to prevent it. As you can see; I have no knowledge on this specific content but security is a big issue with me and I want to learn!
Thank you for any input on the fopen that you can provide.
Miss Vicky |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Mon Mar 29, 2004 3:00 pm |
|
It has nothing to do with nuke [only], per se. fopen() [ Only registered users can see links on this board! Get registered or login! ] is a common function in php. Now it is true that badly coded data input may have been compromized that allowed fopen() access to a file that normally it would not have. This may have been an addon or something but I have never heard of an exploit for fopen in nuke. |
Last edited by Raven on Mon Mar 29, 2004 3:02 pm; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Mon Mar 29, 2004 3:02 pm |
|
Ask your provider to send along the compromized and I will be happy to look into it. Send it by PM though  |
| |
|
|
|
|
sixonetonoffun
Spouse Contemplates Divorce
Joined: Jan 02, 2003
Posts: 2496
|
| Posted:
Tue Mar 30, 2004 8:52 am |
|
Here is basic exploit info that helps understanding the validation issue in plain english.
[ Only registered users can see links on this board! Get registered or login! ] |
| |
|
|
|
|
Raven
|
| Posted:
Tue Mar 30, 2004 9:07 am |
|
Exactly - input not validated. Thanks Six for the link. MissVicky, please try to get more info from your provider as I requested. As I said I am not aware of any recent versions of Nuke having this "feature". |
| |
|
|
|
|
MissVicky
|
| Posted:
Tue Mar 30, 2004 11:08 am |
|
I sent the request over to them yesterday, Raven and will stay on top of it as well. Thank you again and thank you to Six too!
Miss Vicky |
| |
|
|
|
|
pdoobepd
Worker
Joined: May 07, 2005
Posts: 129
|
| Posted:
Mon Jan 09, 2006 4:41 pm |
|
I would also like more info. on this.
I was told that I need to change coding from FOPEN=On to FOPEN=Off but no where in my mainfile.php does it state FOPEN=On. Which leaves me wondering was this fixed in prior patches to 7.6 patch 3.1 already or does it even apply to the above version???
Ging... |
_________________
 |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Jan 09, 2006 5:08 pm |
|
|
|
|
pdoobepd
|
| Posted:
Tue Jan 10, 2006 10:04 am |
|
I did contact my webhost about the above...However due to the fact they would have to take every site down while the edit is done they are reluctant to do so. I find this rather amusing that they would say the above which is as near to a quote as I can get, and they don't allow access to the files needed for edits due to security reasons...hmmm I just gave them a heads up on a Security Hole and they say they are reluctant to take things down for the time it would take to fix a leak that could result in many sites being taken down by an outsider...
Someone Give me a Big stick  |
| |
|
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Wed Jan 11, 2006 10:05 pm |
|
Nonsense. Does your host know what he's doing ? 
1. Open php.ini and set
Code:allow_url_fopen = Off
|
2. service apache restart
done.
That would reduce their "99.9% uptime" to "99.89999%" update if you ask me.
P.S. If i was your host you would stay 99.9% cos i don't have to reboot anything when i set that up |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
