Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Oct 14, 2003 1:16 pm Reply with quote

To fix the admin.php security exploit, you need to edit admin.php. Your beginning code in admin.php will look something like this
Code:
<?php


/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/

require_once("mainfile.php");
get_lang(admin);
Modify it to look like this
Code:
<?php


/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
   require_once("mainfile.php");
    include("header.php");
    OpenTable();
   echo $nastyGram;
   CloseTable();
   include "footer.php";
   die();
}

require_once("mainfile.php");
get_lang(admin);
The $nastyGram variable can be modified to be whatever you want it to. You could display a message and then relocate them to the FBI page for something novel Laughing.
 
View user's profile Send private message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Tue Oct 14, 2003 2:18 pm Reply with quote

this is nice!! Can we check to see if it is working somehow?
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Tue Oct 14, 2003 2:25 pm Reply with quote

The exploit was being accessed through code like this. I will only give enough to allow you to test - don't want to publish more than that here.
Only registered users can see links on this board! Get registered or login!

That should be enough to test it.
 
blith
PostPosted: Tue Oct 14, 2003 2:30 pm Reply with quote

oh okay thanks... thanks for being on the lookout Mr. Raven!!
 
fury
Worker
Worker


Joined: Sep 09, 2003
Posts: 165

PostPosted: Tue Oct 14, 2003 2:35 pm Reply with quote

hehehehehe works great thanks Raven
 
View user's profile Send private message
mattomus
New Member
New Member


Joined: Aug 01, 2003
Posts: 5

PostPosted: Wed Oct 15, 2003 12:41 pm Reply with quote

Great work!

Is there a way to perhaps pm or e-mail the admin(s) when this message is displayed, so they can manually or automatically take corrective action?
 
View user's profile Send private message
Raven
PostPosted: Wed Oct 15, 2003 1:11 pm Reply with quote

What admins?
 
Frogger
Worker
Worker


Joined: Oct 06, 2003
Posts: 108

PostPosted: Wed Oct 15, 2003 3:16 pm Reply with quote

Kewl. Works Great!

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger ICQ Number
mattomus
PostPosted: Thu Oct 16, 2003 12:58 am Reply with quote

Oops, I said admin(s) what I meant to say is that a site administrator(s) that has just had this exploit or one like it, run on her/his patched site, by someone other than himself/herself, could probably benefit from knowing about the incident sooner rather than later.

For instance, it might be useful for that site administrator to be notified via e-mail or instant message, with the connection information and details of visitors that have been presented with the $nastyGram on their site(s). In this way they could manually take action, if that was what they wanted to do.

Another idea that comes to mind is the following:

If the ip address of the visitor that has been presented with the $nastyGram is not equal that of the true site administrator, then the ip address of that visitor might be automatically banned?

I do not have the skills required to implement the above ideas at this time, I am Just thinking out loud.
 
Frogger
PostPosted: Thu Oct 16, 2003 8:00 am Reply with quote

The Protector 1.13b mod can help with that.

You can find it at Only registered users can see links on this board! Get registered or login!

It protects admin IPs and you can also assign members to the protection.

It autobans and gives you the option to add more, tracks ips, who/where online, how long, reverse lookup, etc..
 
mattomus
PostPosted: Thu Oct 16, 2003 3:40 pm Reply with quote

Thanks for the tip frogger, this looks great! Is there a mod availible for 1.13b?
 
Frogger
PostPosted: Thu Oct 16, 2003 9:40 pm Reply with quote

mattomus wrote:
Thanks for the tip frogger, this looks great! Is there a mod availible for 1.13b?


I just woke up, so the ole grey cells aren't fully functional at the moment, so . . .

Not sure what you mean. Sounds like you found the site and the mod.

If you're not in a hurry to get Protector, you should wait until 1.14b is available sometime this week.
 
mattomus
PostPosted: Fri Oct 17, 2003 10:28 am Reply with quote

I will wait for 1.14b

thank you
 
Frogger
PostPosted: Tue Oct 21, 2003 7:50 am Reply with quote

What is the difference between these two fixes to the admin.php? Is all that stuff in the other code really necessary to fix the problem being addressed?

Your fix

Code:
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>"; 

$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
   require_once("mainfile.php");
    include("header.php");
    OpenTable();
   echo $nastyGram;
   CloseTable();
   include "footer.php";
   die();
}

require_once("mainfile.php");
get_lang(admin);


Fix posted at the other site.....

Code:
$checkmyurl = getenv("REQUEST_URI"); 


if (preg_match("/\?admin/", "$checkmyurl")) {
echo "die";
exit;
}
require_once("mainfile.php");
get_lang(admin);

function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix;
    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
    if ($first == 0) {
    $pwd = md5($pwd);
    $the_adm = "God";
    $sql = "INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')";
    $db->sql_query($sql);
    if ($user_new == 1) {
        $user_regdate = date("M d, Y");
        $user_avatar = "blank.gif";
        $commentlimit = 4096;
        if ($url == "http://") { $url = ""; }
            $sql = "INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')";
        $db->sql_query($sql);
    }
    login();
    }
}
 
Raven
PostPosted: Tue Oct 21, 2003 7:52 am Reply with quote

Code:
$myPHPVersion = str_replace('.','',phpversion()); 

if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
You need this code at a minimum. The other is at your discretion.
 
Frogger
PostPosted: Tue Oct 21, 2003 9:36 am Reply with quote

As I thought....pretty much overkill, then.

I'm using your code. Smile Was just wondering about the other.
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Fri Jan 30, 2004 3:08 pm Reply with quote

Frogger wrote:
The Protector 1.13b mod can help with that.

You can find it at Only registered users can see links on this board! Get registered or login!

It protects admin IPs and you can also assign members to the protection.

It autobans and gives you the option to add more, tracks ips, who/where online, how long, reverse lookup, etc..


Oh, I can attest to the efficacy of the Protector! I have it on my site and just from idle, mindless curiosity I ran Raven's snippet above and behold I banned myself.
{ edited by admin at user's request }
Go ahead, click that link. I dare you! Now I have to figure out how to unban myself, any ideas?


Last edited by southern on Tue Aug 21, 2007 7:43 pm; edited 1 time in total 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
Raven
PostPosted: Fri Jan 30, 2004 4:06 pm Reply with quote

Uninstall it. It's a known bug.
 
southern
PostPosted: Fri Jan 30, 2004 5:14 pm Reply with quote

Raven wrote:
Uninstall it. It's a known bug.


OK. Live and learn... I hate full moons!
 
gazj
Worker
Worker


Joined: Apr 28, 2006
Posts: 152
Location: doncaster england

PostPosted: Mon Apr 14, 2008 11:30 pm Reply with quote

this exploit is now fixed in the latest nuke patched series so upgrade to that to fix the problem Smile

_________________
as i stare into the abyss and battle with my demons i yell timeout and have a coffee break. 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Tue Apr 15, 2008 1:25 am Reply with quote

Gazj,

Thanks for this information but you are replying to a post that is over 4 years old Smack . This has long since been put to rest Wink
 
gazj
PostPosted: Tue Apr 15, 2008 1:38 am Reply with quote

i know buddy but just saying as some people that isnt nuke minded wont know the differnce and ask a question anyways Razz
 
southern
PostPosted: Tue Apr 15, 2008 8:58 pm Reply with quote

That beats my record for oldest post replied to lol
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Wed Apr 16, 2008 6:57 am Reply with quote

gazj wrote:
i know buddy but just saying as some people that isnt nuke minded wont know the differnce and ask a question anyways Razz


Well then you have a lot of work cut out for you with all the threads here. Laughing

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
sebastiaan
New Member
New Member


Joined: Apr 27, 2009
Posts: 21
Location: The Netherlands

PostPosted: Sat Jul 18, 2009 1:44 am Reply with quote

Raven wrote:
To fix the admin.php security exploit, you need to edit admin.php. Your beginning code in admin.php will look something like this
Code:
<?php


/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/

require_once("mainfile.php");
get_lang(admin);
Modify it to look like this
Code:
<?php


/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
   require_once("mainfile.php");
    include("header.php");
    OpenTable();
   echo $nastyGram;
   CloseTable();
   include "footer.php";
   die();
}

require_once("mainfile.php");
get_lang(admin);
The $nastyGram variable can be modified to be whatever you want it to. You could display a message and then relocate them to the FBI page for something novel Laughing.


Code:
translated to dutch:



<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
$nastyGram = "<center>::<br />Dank voor het leggen van deze verbinding!<br />You Alleen je hebt nu een probleem, je ben aangemeld als hacking athempt.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
   require_once("mainfile.php");
    include("header.php");
    OpenTable();
   echo $nastyGram;
   CloseTable();
   include "footer.php";
   die();
}

require_once("mainfile.php");
get_lang(admin);


Last edited by sebastiaan on Sat Jul 18, 2009 2:32 am; edited 1 time in total 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©