Ravens PHP Scripts: Security



Search on This Topic:   
[ Go to Home | Select a New Topic ]
 

 

PHPNuke Category Parameter SQL Injection Vulnerability More about

Posted on Sunday, February 15, 2004 @ 14:19:00 CST in Security
by chatserv

Patch your search module:
under /* Category Selection */
add:
$category = intval($category);
and change:
$categ = "AND catid=$category ";
to:
$categ = "AND catid='$category' ";


 

 

UPDATE! New SQL Injection Issues In Nuke! More about Read More...

Posted on Tuesday, February 10, 2004 @ 15:23:34 CST in Security
by Raven

Admin Note: I have updated the code. Chatserv and I have spent several hours testing this. Let me know if you find any holes in my present solution.

Without posting the details, there are a couple new SQL Injection exploits out there. I recommend the following code be placed at the beginning of modules/Reviews/index.php and modules/News/friend.php

$test = rawurldecode($_SERVER["QUERY_STRING"]);
if (strstr($test,'%3c')||strstr($test,'<')) {
$loc = $_SERVER['QUERY_STRING'];
header("Location: hackattempt.php?$loc");
}

If you don't have a copy of my hackattempt.php file, download it! Alternatively you could redirect them to index.php but then you don't get an email advising you of the hack attempt.

For more on the exploits, click on Read More ... Read More...


 

 

Hack Alert Script Updated More about

Posted on Tuesday, February 10, 2004 @ 12:18:38 CST in Security
by Raven

I have released v1.1 of my hack alert script that SO MANY :lol: of you have been testing. See this news item Script To Confront Hackers With and SQL Injection Vulnerability for more information. Get it from the download area.


 

 

Hack Alert Script Released More about

Posted on Monday, February 09, 2004 @ 03:43:28 CST in Security
by Raven

I have released v1.0 of my hack alert script that SO MANY :lol: of you have been testing. See this news item Script To Confront Hackers With and SQL Injection Vulnerability for more information. Get it from the download area.


 

 

Script To Confront Hackers With More about

Posted on Thursday, February 05, 2004 @ 19:19:40 CST in Security
by Raven

I am preparing to release a script to compliment the SQL Injection code fix that I released earlier today. This script will let the hack person know that you have logged their information and are serious about it. In addition, the script will send you, the sysadmin, an email filled with all kinds of information. Click here to see the script output based on your IP.


 

 

Sec-Fix Patch SFP More about

Posted on Wednesday, February 04, 2004 @ 22:02:33 CST in Security
by chatserv

Security patch for PHP-Nuke 7.0 and 7.1 designed to secure the Reviews, Search, Sections and Surveys modules against a vulnerability being exploited in the same fashion the Downloads and Web_Links modules were compromised a while back.

Downloads: PHP-Nuke 6.5-6.9 - PHP-Nuke 7.0 - PHP-Nuke 7.1

Note: 
Updated - Added diff files in html format.


 



Page 100 of 102 (608 total stories) [ << | < | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | > | >> ]  

News ©

Site Info

Last SeenLast Seen
  • neralex
  • fistfight
Server TrafficServer Traffic
  • Total: 512,034,087
  • Today: 67,936
Server InfoServer Info
  • Apr 18, 2025
  • 11:26 am CDT
 
 

Site Navigation