Ravens PHP Scripts: Forums


View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message

Joined: Apr 23, 2005
Posts: 95

PostPosted: Mon May 02, 2005 12:59 pm Reply with quote

I dont get this thing.. what if someone gets my md5 hash does it means that my site will get hacked?
View user's profile Send private message
Site Admin

Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon May 02, 2005 2:47 pm Reply with quote

A quick Google search uncovered the explanation below from the PHP-Nuke website itself (unnecessary portions have been removed). The type of attack described below would be very difficult and time consuming - there are much easier ways to achieve those results. Though there may still be issues with specific modules that do not use standard database access methods, using a security tool like NukeSentinel with HTTP Admin Authentication will significantly help prevent attacks and attempts to gain unauthorized access.

From PHP-Nuke.org:
"In an attempt to prevent scripted bots from either generating new user accounts or attempting brute force password cracking against PHP-Nuke portals, the security graphic had been added.

The process begins within the PHP code to generate a random number. That number is then stored in a URL that is resent to the security image creation engine as the login page is being generated:


The security graphic engine takes the random number and makes an MD5 encryption of it concatenated with other elements such as the $sitekey, $datekey, and the member's http_user_agent.

At this point the MD5 hash value is switched over to hexadecimal and stored in a variable whereby at a certain starting point (2 by default) a total of x places are read and stored (by default 6).

A potential security risk exists if the default $sitekey value is not changed because a malicious user can manually map out on a PHP-Nuke portal in a one to one relationship between random_num and the number shown in the image. So long as the following values do not change:

# $sitekey
# $datekey
# $random_num

The number shown back in the security image will always be the same. Such a mapping would be tedious to complete manually, but the possibility exists nonetheless.

Out of the four variables above, the user can manipulate only two:

# $random_num

This effectively means that the entire process of mapping out the one to one relationship must occur in a single day due to the $datekey parameter. Each day adds a new value to the hexadecimal/MD5 concatenation process.

Lets take this a step further. If a PHP-Nuke webmaster does not change their default $sitekey parameter this could still open them up to attack. A malicious user may install a default PHP-Nuke portal on their own system and now they have access to manipulate all of the four variables above.

This means they can change the date on their system, altering the $datekey to each day of the year, and manually map out all the random_num values to their respective security image code values. At this point, they have a full database for every day of the year that can be used maliciously against default $sitekey value PHP-Nuke sites. With such data, a script can be written to check the random_num value, ie:


And such a script could call up the corresponding security code value thereby rendering the purpose behind it useless.

Conclusion? Change your $sitekey immediately from the default value, and change it often."

I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
View user's profile Send private message
Hangin' Around

Joined: Jun 25, 2004
Posts: 32

PostPosted: Tue May 03, 2005 1:28 am Reply with quote

md5 is simply an encryption system - input any string of text and get back a 16 character version of it . Generally used for password encryption but as shown in the post above, it has many other uses.
Example use: When you sign up on a PHP-Nuke site your password is encrypted with md5 and that is what is stored in the database, not your actual plain text password. When you next log in, the password you type into the login box is encrypted with md5 and then checked against the one stored in the database - if they match your in.
Having your md5'ed password will not allow them access unless they can actually work out what the password is by brute force - if you avoid using dictionary words and instead use a combination of letters, numbers & symbols for your password (the longer the better), it is highly unlikely that you will ever be comprimised.
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
Forums ©