Hi,

Due to this reply, I see no reason to delay this. No patch or new version has
been released; for a quick fix, see below.

Regards,

Joao Gouveia
------------
[EMAIL PROTECTED]


 Francisco Burzi <[EMAIL PROTECTED]>

> Joao Gouveia wrote:
> >
> > Hello Francisco,
> >
> > There is yet another security flaw with the new phpnuke version.
> > Look here:
> > <quote opendir.php>
> > (...)
> > $REQUEST_URI = strip_tags($REQUEST_URI);
> > $res = explode("$PHP_SELF?", $REQUEST_URI);
> > $odp_cat = $res[1];
> > if (substr($odp_cat,0,1) == "/") $odp_cat = substr($odp_cat,1);
> > (define $requesturl)
> > (...)
> > </quote>
> > So, you're defining $requesturl based on something like /folder/page just
> > after the call to opendir.php.
> > This is no good, one can simply not supply a '/' as the first argument,
> > thus allowing to assign our own $requesturl.
> > Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
> >
> > A simple quick fix would be initiating $requesturl anywhere in the beginning
> > of the script.
> > <quote>
> > $requesturl="";
> > </quote>
> >
> > Best regards
> >
> > Joao Gouveia
> > ------------
> > [EMAIL PROTECTED]
>
> Yeah... but just say to me what can you do with a passwd file? just
> nothing. The important file isn't passwd, is /etc/shadow, right? and you
> get permission denied on that file... IF you get it you'll need a
> supercomputer to crack md5 passwords. Just my thoughts. /etc/passwd had
> problems in the past where crypted passwords were stored in it, but now that
> problem is no more.
>
>
> Best Regards!
> =============================================
>  ____  _   _ ____       _   _       _
> |  _ \| | | |  _ \     | \ | |_   _| | _____
> | |_) | |_| | |_) | __ |  \| | | | | |/ / _ \
> |  __/|  _  |  __/ |__|| |\  | |_| |   <  __/
> |_|   |_| |_|_|        |_| \_|\__,_|_|\_\___|
> =============================================
>          Francisco Burzi (NuKeLiTe)
>               [EMAIL PROTECTED]
> PHP-Nuke.............................NukeNews
> http://phpnuke.org        http://nukenews.com
> =============================================
>
>



--

Joao Gouveia
------------
[EMAIL PROTECTED]
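
The flaw and the quick fix described in the quoted report, as an added example that is not part of the original messages or PHP-Nuke's own code. It assumes `extract()` as a stand-in for PHP's old register_globals import, a conditional definition of `$requesturl` modelled on the quoted `substr()` check (the real line is elided in the quote), and a hypothetical `resolve_requesturl()` helper with a placeholder prefix.

```php
<?php
// Added illustration. resolve_requesturl() and the "BASE/" prefix are
// hypothetical; the real "(define $requesturl)" line is elided in the quote.

function resolve_requesturl(string $queryString, bool $initialise): string
{
    // Stand-in for register_globals: each query parameter becomes a variable
    // before the script body runs. EXTR_SKIP only protects this demo's own
    // locals; $requesturl does not exist yet, so a supplied value is imported.
    parse_str($queryString, $params);
    extract($params, EXTR_SKIP);

    if ($initialise) {
        // Quick fix from the report: overwrite whatever was imported.
        $requesturl = "";
    }

    // Equivalent of $res[1] after explode("$PHP_SELF?", $REQUEST_URI).
    $odp_cat = strip_tags($queryString);

    // Assumption: $requesturl is only defined when the category starts
    // with "/", which is the gap the report describes.
    if (substr($odp_cat, 0, 1) == "/") {
        $odp_cat = substr($odp_cat, 1);
        $requesturl = "BASE/" . $odp_cat; // placeholder for the elided definition
    }

    // Array-valued parameters (requesturl[]=x) are treated as unset.
    return (isset($requesturl) && is_string($requesturl)) ? $requesturl : "";
}

// Constructed sample query strings: a normal category, then a request that
// omits the leading "/" and supplies its own requesturl parameter.
$samples = ["/Computers/Security", "requesturl=/constructed/value"];

foreach ($samples as $qs) {
    foreach ([false, true] as $fixed) {
        printf(
            "%-32s initialised=%-5s requesturl=%s\n",
            $qs,
            var_export($fixed, true),
            var_export(resolve_requesturl($qs, $fixed), true)
        );
    }
}
```

Without the initialisation, the second sample's value reaches the return statement untouched; with it, the script only ever sees a value it built itself.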
