From: Joao Gouveia (tharbadKAOTIK.ORG)
Date: Mon Feb 12 2001 - 05:07:15 CST


    Hi,

    Due to this reply, I see no reason to delay this. No patch or new version has
    been released; for a quick fix, see below.

    Regards,

    Joao Gouveia
    ------------
    tharbadkaotik.org

     Francisco Burzi <fburzincc.org.ve>

    > Joao Gouveia wrote:
    > >
    > > Hello Francisco,
    > >
    > > There is yet another security flaw with the new phpnuke version.
    > > Look here:
    > > <quote opendir.php>
    > > (...)
    > > $REQUEST_URI = strip_tags($REQUEST_URI);
    > > $res = explode("$PHP_SELF?", $REQUEST_URI);
    > > $odp_cat = $res[1];
    > > if (substr($odp_cat,0,1) == "/") $odp_cat = substr($odp_cat,1);
    > > (define $requesturl)
    > > (...)
    > > </quote>
    > > So, you're defining $requesturl based on something like /folder/page just
    > > after the call to opendir.php.
    > > This is no good, one can simply not supply a '/' as the first argument,
    > > thus allowing one to assign one's own $requesturl.
    > > Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
    > >
    > > A simple quick fix would be initiating $requesturl anywhere in the
    > > beginning of the script.
    > > <quote>
    > > $requesturl="";
    > > </quote>
    > >
    > > Best regards
    > >
    > > Joao Gouveia
    > > ------------
    > > tharbadkaotik.org
    >
    > Yeah... but just tell me, what can you do with a passwd file? Just
    > nothing. The important file isn't passwd, it's /etc/shadow, right? And you
    > get permission denied on that file... IF you get it you'll need a
    > supercomputer to crack md5 passwords. Just my thoughts. /etc/passwd had
    > problems in the past where crypted passwords were stored in it, but now
    > that problem is no more.
    >
    >
    > Best Regards!
    > =============================================
    > Francisco Burzi (NuKeLiTe)
    > fburzincc.org.ve
    > PHP-Nuke.............................NukeNews
    > http://phpnuke.org http://nukenews.com
    > =============================================
    >
    >

    --
    

    Joao Gouveia ------------ tharbadkaotik.org
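
The uninitialized-variable problem discussed in this thread, as an added PHP sketch that is not PHP-Nuke's code or part of either message. register_globals is modelled by hand, and the conditional assignment standing in for the elided "(define $requesturl)" step, the function name and the ODP_BASE value are assumptions.

```php
<?php
// Added illustration; not PHP-Nuke source. ODP_BASE is a hypothetical value.
const ODP_BASE = 'http://odp.example';

/**
 * Returns the value $requesturl would hold after the script's setup code.
 * $applyFix toggles the quick fix from the post (initialising $requesturl).
 */
function resolve_requesturl(string $query, bool $applyFix): string
{
    // Model of register_globals: before the script body runs, PHP turns
    // each request parameter into a global variable of the same name.
    parse_str($query, $params);
    if (isset($params['requesturl']) && is_string($params['requesturl'])) {
        $requesturl = $params['requesturl'];
    }

    // Quick fix: initialise the variable at the start of the script, which
    // discards anything the request injected.
    if ($applyFix) {
        $requesturl = "";
    }

    // Assumed shape of the elided "(define $requesturl)" step: the script
    // only assigns the variable when the query is a category path.
    $odp_cat = strip_tags($query);
    if (substr($odp_cat, 0, 1) === "/") {
        $requesturl = ODP_BASE . $odp_cat;
    }

    // Without the fix, a query with no leading "/" leaves the injected value.
    return $requesturl ?? "";
}

// Constructed inputs: a normal category request and the query from the post.
foreach ([false, true] as $fix) {
    foreach (['/Computers/Security', 'requesturl=/etc/passwd'] as $query) {
        printf("fix=%-3s query=%-24s requesturl=%s\n",
            $fix ? 'on' : 'off', $query,
            var_export(resolve_requesturl($query, $fix), true));
    }
}
```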