Ravens PHP Scripts: Forums
 

 

chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

Posted: Mon May 03, 2004 8:40 am

XSS and full path disclosure in PhpNuke, reported by waraxe.

Open all files (except .htaccess and index.html) contained in admin/links and add the following right after the file credits:

Code:
if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }


Open modules/Statistics/index.php and find:
Code:
$pagetitle = "- "._STATS."";

Right below that line add:
Code:
if (isset($year)) {
    $year = intval($year);
}


The patches have yet to be updated, so apply these manually; I will update them ASAP. My thanks to Sting for the heads up.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Mon May 03, 2004 9:05 am

Thanks Sting and Chatserv!
 
chatserv
Posted: Mon May 03, 2004 9:07 am

Thanks Raven.

Users of the 6.0 patch may need to alter the admin/links line posted above if their PHP version is old; the line in this case would be:

Code:
if (!eregi("admin.php", $PHP_SELF)) { die ("Access Denied"); }
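
A check for the manual edits in the two posts above, as an added example that is not part of the original thread. The function names, output format and sample file names are assumptions; the paths and the patched lines are the ones given in the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and output format are
# assumptions; paths and the patched lines are the ones given in the posts.

# Print each missing edit under PHP-Nuke root $1; return 1 if any is missing.
check_nuke_patch() {
    root=$1
    missing=0
    # Every file in admin/links except .htaccess and index.html needs the
    # guard, in the $_SERVER['PHP_SELF'] form or the older $PHP_SELF form.
    for f in "$root"/admin/links/* "$root"/admin/links/.[!.]*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            .htaccess|index.html) continue ;;
        esac
        if ! grep -Eq 'eregi\("admin\.php", *\$(_SERVER\[.PHP_SELF.\]|PHP_SELF)\)' "$f"; then
            echo "MISSING guard: $f"
            missing=1
        fi
    done
    # modules/Statistics/index.php needs the intval() cast on $year
    # (a missing file is reported the same way).
    stats="$root/modules/Statistics/index.php"
    if ! grep -Eq '\$year *= *intval\(\$year\)' "$stats" 2>/dev/null; then
        echo "MISSING intval cast: $stats"
        missing=1
    fi
    return "$missing"
}

# Build a constructed sample tree in directory $1: one patched admin/links
# file, one unpatched, and a patched Statistics module.
make_sample_tree() {
    mkdir -p "$1/admin/links" "$1/modules/Statistics"
    guard='if (!eregi("admin.php", $PHP_SELF)) { die ("Access Denied"); }'
    printf '<?php\n%s\n' "$guard" > "$1/admin/links/links.patched.php"
    printf '<?php\n// no guard\n' > "$1/admin/links/links.unpatched.php"
    : > "$1/admin/links/index.html"
    : > "$1/admin/links/.htaccess"
    printf '<?php\n$pagetitle = "- "._STATS."";\nif (isset($year)) {\n    $year = intval($year);\n}\n' \
        > "$1/modules/Statistics/index.php"
}
```

Call `check_nuke_patch` with the site's document root. It confirms the lines are present, not that they sit right after the file credits or directly below the `$pagetitle` line.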
 
GanjaUK
Life Cycles Becoming CPU Cycles


Joined: Feb 14, 2004
Posts: 633
Location: England

Posted: Mon May 03, 2004 9:59 am

I can sleep easy at night because of your patches chatserv.

ballymuntrev
Hangin' Around


Joined: Mar 22, 2004
Posts: 49

Posted: Thu May 06, 2004 5:06 pm

Yeah thanks m8, I just patched all mine now too
 
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

Posted: Sun Aug 01, 2004 5:49 am

Are these added to the latest patched files download Chat? Or do we have to add them ourselves?

Thanks for keeping us safe

_________________
Classic Mini rules the bends & bends the rules!
chatserv
Posted: Sun Aug 01, 2004 7:28 pm

Yes they were added.
 
Muffin
Posted: Mon Aug 02, 2004 7:09 am

Thank you, Chat.
 
All times are GMT - 6 Hours