Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Gremmie
Former Moderator in Good Standing



Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Tue Mar 13, 2007 6:42 pm Reply with quote

My days are numbered with PHP-Nuke 7.9, but I thought I would pass this along.

Regarding this story....

I am running 7.9 with the 3.2 patches. My site only runs English, no multi-lingual options, so I sledge-hammered a fix for this exploit.

I went in to mainfile.php and found this code:

Code:


if (!defined('FORUM_ADMIN')) {
    if ((isset($newlang)) AND (stristr($newlang,"."))) {
      if (file_exists("language/lang-".$newlang.".php")) {
         setcookie("lang",$newlang,time()+31536000);
         include_once("language/lang-".$newlang.".php");
         $currentlang = $newlang;
      } else {
         setcookie("lang",$language,time()+31536000);
         include_once("language/lang-".$language.".php");
         $currentlang = $language;
      }
   } elseif (isset($lang)) {
      include_once("language/lang-".$lang.".php");
      $currentlang = $lang;
   } else {
      setcookie("lang",$language,time()+31536000);
      include_once("language/lang-".$language.".php");
      $currentlang = $language;
   }
}


and changed it to this:

Code:


$currentlang = 'english'; 
if (!defined('FORUM_ADMIN')) {
   include_once('language/lang-'.$language.'.php');
   $currentlang = $language;
}


Comments?

_________________
GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module 
View user's profile Send private message
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Mar 13, 2007 9:38 pm Reply with quote

Well that would disable the multi-language features completely. The full code the Patched files use is

Code:


if (!defined('FORUM_ADMIN')) {
   if (($multilingual == 1) AND isset($newlang) AND !stristr($newlang,".")) {
      $newlang = check_html($newlang, "nohtml");
      if (file_exists("language/lang-".$newlang.".php")) {
         setcookie("lang",$newlang,time()+31536000);
         include_once("language/lang-".$newlang.".php");
         $currentlang = $newlang;
      } else {
         setcookie("lang",$language,time()+31536000);
         include_once("language/lang-".$language.".php");
         $currentlang = $language;
      }
   } elseif (($multilingual == 1) AND isset($lang) AND !stristr($lang,".")) {
      $lang = check_html($lang, "nohtml");
      if (file_exists("language/lang-".$lang.".php")) {
         setcookie("lang",$lang,time()+31536000);
         include_once("language/lang-".$lang.".php");
         $currentlang = $lang;
      } else {
         setcookie("lang",$language,time()+31536000);
         include_once("language/lang-".$language.".php");
         $currentlang = $language;
      }
   } else {
      setcookie("lang",$language,time()+31536000);
      include_once("language/lang-".$language.".php");
      $currentlang = $language;
   }
}

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
Gremmie







PostPosted: Wed Mar 14, 2007 6:50 am Reply with quote

Thanks for posting the full code. Mine was admittedly a quick hack not intended for general use.

I gather that the block that lets you switch languages is the thing that actually sets $newlang (in a _POST or _GET)?
 
evaders99







PostPosted: Wed Mar 14, 2007 5:44 pm Reply with quote

I believe it should. At least its working in 7.8 Patched and lower
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©