Raven (Site Admin/Owner; Joined: Aug 27, 2002; Posts: 17088)
Posted: Tue Oct 14, 2003 1:16 pm
To fix the admin.php security exploit, you need to edit admin.php. Your beginning code in admin.php will look something like this:
Code:
<?php
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
require_once("mainfile.php");
get_lang(admin);
Modify it to look like this:
Code:
<?php
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
// $_SERVER only exists from PHP 4.1.0 on; older installs fall back to getenv()
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
// Any request to admin.php whose URI carries "?admin" gets the notice and nothing else
if (preg_match("/\?admin/", "$checkMyUrl")) {
    require_once("mainfile.php");
    include("header.php");
    OpenTable();
    echo $nastyGram;
    CloseTable();
    include "footer.php";
    die();
}
// Normal admin.php start-up continues from here
require_once("mainfile.php");
get_lang(admin);
The $nastyGram variable can be modified to be whatever you want it to. You could display a message and then relocate them to the FBI page for something novel.
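An added example, mine rather than Raven's code or PHP-Nuke's: the same check written to parse the query string, so an `admin` parameter is refused wherever it sits in the URI instead of only directly after the `?`, plus a log line that gives the site administrator something to act on. Function names, the sample URIs and the client address are constructed; it assumes, as in PHP-Nuke of that era, that admin.php takes its login data from a cookie and never from the query string.

```php
<?php
// Added example, not code from the thread or from PHP-Nuke.
// Same idea as the fix above (reject a request to admin.php whose query
// string carries "admin"), but it inspects the parsed query string rather
// than the literal text "?admin", and records a log line for the admin.

function requestCarriesAdminParam(string $requestUri): bool
{
    $query = parse_url($requestUri, PHP_URL_QUERY);
    if (!is_string($query)) {          // no query string at all
        return false;
    }
    parse_str($query, $params);        // "a=1&b=2" -> ['a' => '1', 'b' => '2']
    // Assumption: admin.php reads its login data from a cookie only, so an
    // "admin" key arriving in the query string is never legitimate.
    return array_key_exists('admin', $params);
}

// The check from the fix above, for comparison: matches the literal "?admin".
function originalRegexCheck(string $requestUri): bool
{
    return preg_match('/\?admin/', $requestUri) === 1;
}

function logRejectedRequest(string $requestUri, string $remoteAddr): string
{
    $line = sprintf('[%s] admin.php request rejected from %s: %s',
        date('c'), $remoteAddr, $requestUri);
    error_log($line);                  // lands in the web server's error log
    return $line;
}

// Constructed sample URIs with the result the strict check should give.
$samples = [
    '/admin.php'                        => false,
    '/admin.php?admin=anything'         => true,
    '/admin.php?op=x&admin=anything'    => true,   // not matched by the literal regex
    '/modules.php?name=Admin'           => false,
];
foreach ($samples as $uri => $expected) {
    $strict = requestCarriesAdminParam($uri);
    printf("%-36s strict=%s regex=%s\n", $uri,
        var_export($strict, true), var_export(originalRegexCheck($uri), true));
    if ($strict !== $expected) {
        throw new RuntimeException("unexpected result for $uri");
    }
    if ($strict) {
        logRejectedRequest($uri, '203.0.113.5');   // constructed client address
    }
}
```

Run it with `php -f` on the command line; in a real admin.php the strict check would sit where Raven's preg_match() is, and the log line is what an e-mail or IM notification would carry.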

blith (Client; Joined: Jul 18, 2003; Posts: 977)
Posted: Tue Oct 14, 2003 2:18 pm
This is nice!! Can we check to see if it is working somehow?

Raven
Posted: Tue Oct 14, 2003 2:25 pm
The exploit was being accessed through code like this. I will only give enough to allow you to test - don't want to publish more than that here.
That should be enough to test it.

blith
Posted: Tue Oct 14, 2003 2:30 pm
Oh okay, thanks... thanks for being on the lookout, Mr. Raven!!

fury (Worker; Joined: Sep 09, 2003; Posts: 165)
Posted: Tue Oct 14, 2003 2:35 pm
Hehehehehe, works great, thanks Raven.

mattomus (New Member; Joined: Aug 01, 2003; Posts: 5)
Posted: Wed Oct 15, 2003 12:41 pm
Great work!
Is there a way to perhaps PM or e-mail the admin(s) when this message is displayed, so they can manually or automatically take corrective action?

Raven
Posted: Wed Oct 15, 2003 1:11 pm

Frogger (Worker; Joined: Oct 06, 2003; Posts: 108)
Posted: Wed Oct 15, 2003 3:16 pm
Kewl. Works great!

mattomus
Posted: Thu Oct 16, 2003 12:58 am
Oops, I said admin(s); what I meant to say is that a site administrator who has just had this exploit, or one like it, run on her/his patched site by someone other than himself/herself could probably benefit from knowing about the incident sooner rather than later.
For instance, it might be useful for that site administrator to be notified via e-mail or instant message with the connection information and details of visitors that have been presented with the $nastyGram on their site(s). In this way they could manually take action, if that was what they wanted to do.
Another idea that comes to mind is the following:
If the IP address of the visitor that has been presented with the $nastyGram is not equal to that of the true site administrator, then the IP address of that visitor might be automatically banned?
I do not have the skills required to implement the above ideas at this time; I am just thinking out loud.

Frogger
Posted: Thu Oct 16, 2003 8:00 am
The Protector 1.13b mod can help with that.
You can find it at http://protector.warcenter.se/
It protects admin IPs and you can also assign members to the protection.
It autobans and gives you the option to add more, tracks IPs, who/where online, how long, reverse lookup, etc.

mattomus
Posted: Thu Oct 16, 2003 3:40 pm
Thanks for the tip Frogger, this looks great! Is there a mod available for 1.13b?

Frogger
Posted: Thu Oct 16, 2003 9:40 pm
mattomus wrote:
> Thanks for the tip Frogger, this looks great! Is there a mod available for 1.13b?
I just woke up, so the ole grey cells aren't fully functional at the moment, so . . .
Not sure what you mean. Sounds like you found the site and the mod.
If you're not in a hurry to get Protector, you should wait until 1.14b is available sometime this week.

mattomus
Posted: Fri Oct 17, 2003 10:28 am
I will wait for 1.14b.
Thank you.

Frogger
Posted: Tue Oct 21, 2003 7:50 am
What is the difference between these two fixes to the admin.php? Is all that stuff in the other code really necessary to fix the problem being addressed?
Your fix:
Code:
$nastyGram = "<center>::<br />Thanks for providing me with your connection information!<br />You have been caught attempting to break into my site and appropriate action will be taken.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
    require_once("mainfile.php");
    include("header.php");
    OpenTable();
    echo $nastyGram;
    CloseTable();
    include "footer.php";
    die();
}
require_once("mainfile.php");
get_lang(admin);
Fix posted at the other site:
Code:
// Reads the URI via getenv() only and stops the request outright on "?admin"
$checkmyurl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkmyurl")) {
    echo "die";
    exit;
}
require_once("mainfile.php");
get_lang(admin);
// PHP-Nuke's create_first() routine, as included in the other site's posting
function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix;
    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
    if ($first == 0) {
        $pwd = md5($pwd);
        $the_adm = "God";
        $sql = "INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')";
        $db->sql_query($sql);
        if ($user_new == 1) {
            $user_regdate = date("M d, Y");
            $user_avatar = "blank.gif";
            $commentlimit = 4096;
            if ($url == "http://") { $url = ""; }
            $sql = "INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')";
            $db->sql_query($sql);
        }
        login();
    }
}

Raven
Posted: Tue Oct 21, 2003 7:52 am
Code:
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
You need this code at a minimum. The other is at your discretion.

Frogger
Posted: Tue Oct 21, 2003 9:36 am
As I thought... pretty much overkill, then.
I'm using your code. Was just wondering about the other.

southern (Client; Joined: Jan 29, 2004; Posts: 624)
Posted: Fri Jan 30, 2004 3:08 pm
Frogger wrote:
> The Protector 1.13b mod can help with that.
> You can find it at http://protector.warcenter.se/
> It protects admin IPs and you can also assign members to the protection.
> It autobans and gives you the option to add more, tracks IPs, who/where online, how long, reverse lookup, etc.
Oh, I can attest to the efficacy of the Protector! I have it on my site and just from idle, mindless curiosity I ran Raven's snippet above and behold, I banned myself.
{ edited by admin at user's request }
Go ahead, click that link. I dare you! Now I have to figure out how to unban myself, any ideas?

Raven
Posted: Fri Jan 30, 2004 4:06 pm
Uninstall it. It's a known bug.

southern
Posted: Fri Jan 30, 2004 5:14 pm
Raven wrote:
> Uninstall it. It's a known bug.
OK. Live and learn... I hate full moons!

gazj (Worker; Joined: Apr 28, 2006; Posts: 152; Location: Doncaster, England)
Posted: Mon Apr 14, 2008 11:30 pm
This exploit is now fixed in the latest Nuke Patched series, so upgrade to that to fix the problem.

Raven
Posted: Tue Apr 15, 2008 1:25 am
Gazj,
Thanks for this information, but you are replying to a post that is over 4 years old. This has long since been put to rest.

gazj
Posted: Tue Apr 15, 2008 1:38 am
I know, buddy, but just saying, as some people that aren't Nuke-minded won't know the difference and ask a question anyway.

southern
Posted: Tue Apr 15, 2008 8:58 pm
That beats my record for oldest post replied to, lol.

Gremmie (Former Moderator in Good Standing; Joined: Apr 06, 2006; Posts: 2415; Location: Iowa, USA)
Posted: Wed Apr 16, 2008 6:57 am
gazj wrote:
> I know, buddy, but just saying, as some people that aren't Nuke-minded won't know the difference and ask a question anyway.
Well then you have a lot of work cut out for you with all the threads here.

sebastiaan (New Member; Joined: Apr 27, 2009; Posts: 21; Location: The Netherlands)
Posted: Sat Jul 18, 2009 1:44 am
Raven wrote:
> To fix the admin.php security exploit, you need to edit admin.php. [...]
Translated to Dutch:
Code:
<?php
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System */
/* ============================================ */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
$nastyGram = "<center>::<br />Dank voor het leggen van deze verbinding!<br />You Alleen je hebt nu een probleem, je ben aangemeld als hacking athempt.<br />::</center>";
$myPHPVersion = str_replace('.','',phpversion());
if ($myPHPVersion>=410) $checkMyUrl = $_SERVER['REQUEST_URI'];
else $checkMyUrl = getenv("REQUEST_URI");
if (preg_match("/\?admin/", "$checkMyUrl")) {
require_once("mainfile.php");
include("header.php");
OpenTable();
echo $nastyGram;
CloseTable();
include "footer.php";
die();
}
require_once("mainfile.php");
get_lang(admin);