phpNuke and PostNuke file access vulnerability Date: Tuesday, September 25, 2001 @ 3:21 PM CDT Topic: Security Advisory There is a serious security issue with phpNuke and PostNuke that was reported today on a number of sites today. All the versions of phpNuke and possibly some versions of PostNuke and others ARE vulnerable with the exception of "phpNuke 5.0 RC1" was reported on some sites. Thanks for the heads up to LucisFero and supergate! Their Solution: File: ------------------------------------------- /admin.php ------------------------------------------- Find: ------------------------------------------- if ((isset($file)) AND ($file != "none")) { $updir = "images/articles"; @copy($file, "$updir/$file_name"); } $basedir = dirname($SCRIPT_FILENAME); $textrows = 20; $textcols = 85; $udir = dirname($PHP_SELF); if(!$wdir) $wdir="/"; if($cancel) $op="FileManager"; if($upload) { copy($userfile,$basedir.$wdir.$userfile_name); $lastaction = ""._UPLOADED." $userfile_name --> $wdir"; $wdir2="/"; chdir($basedir . $wdir2); Header("Location: admin.php?op=FileManager"); exit; } ------------------------------------------- Erase the function and use a FTP Client to upload your files. Alternative "quickfix" is to change: "if($upload) {" to "if (($upload) && ($admintest)) {" A downloadable fix for phpNuke has been posted at http://www.phpnuke.org/article.php?sid=2662&mode=nocomments&order=0&thold=0 To read more about this please check out the links. The more you read about it the better off you will be. http://www.twlc.net/article.php?sid=421 http://www.twlc.net/article.php?sid=423 http://sourceforge.net/tracker/?group_id=7511 http://www.nukeforums.com/forums/viewtopic.php?topic=2056&forum=29 This article comes from Nuke Resources http://www.nukeresources.com The URL for this story is: http://www.nukeresources.com/modules.php?name=News&file=article&sid=4