Security update
Techgfx writes "I have released a security update which came to my attention yesterday. Information relating to the security issue is below.

Affected: PHP-Nuke 6.5-7.6 / PHP-Nuke Platinum 6.9.0-7.6.0 / PHP-Nuke Patched 2.8 / phpBB 2.0.11
Description: phpBB administrative variable manipulation can allow illegal server path disclosure.
Correction method: Available here

@ chatserv: might like to apply this in patched 2.9.

Admin Note: I updated 2.8; 2.9 is not yet ready. One change from your suggested fix though: delete modules/Forums/Admin/common.php instead of editing it. If any file is making a call to this one, it should be edited to point to the main one. Thanks for the heads up bro."
Security Advisory
Posted on Monday, January 31, 2005 @ 9:19 AM CST by chatserv


Re: Security update (Score: 1)
by Techgfx on Tuesday, February 01, 2005 @ 2:34 AM CST
In the get array in mainfile.php the following code can be commented out:

(eregi("forum_admin", $var_name)) ||

as the value is no longer available.

Also

if ($forum_admin != 1) {

can be replaced with

if (!defined('FORUM_ADMIN')) {

note the !defined instead of defined because it is != not ==.

The instructions have been updated on the correction URL.
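
An added illustration (not code from PHP-Nuke, phpBB or the poster) of why the comment above swaps the `$forum_admin` variable test for a `FORUM_ADMIN` constant test. It assumes request parameters are copied into variable scope, which `extract()` emulates here; the function names and sample requests are constructed.

```php
<?php
// Added example. guard_variable(), guard_constant() and the sample
// requests are hypothetical and do not come from PHP-Nuke or phpBB.

// Guard in the style of the old check: it trusts a plain variable.
// Assumption: request parameters land in the same scope as the flag
// (register_globals-style import), emulated with extract().
function guard_variable(array $request): bool
{
    $forum_admin = 0;          // value the application set itself
    extract($request);         // imported request data can overwrite it
    return $forum_admin == 1;  // "admin context" decided by a variable
}

// Guard in the style of the fix: it trusts a constant. A constant exists
// only if code called define(), so imported request data cannot create it.
function guard_constant(array $request): bool
{
    extract($request);         // same import; constants are out of its reach
    return defined('FORUM_ADMIN');
}

// Constructed sample requests: one ordinary, one carrying the flag name.
$samples = [
    'ordinary' => ['mode' => 'view'],
    'tampered' => ['mode' => 'view', 'forum_admin' => '1'],
];

foreach ($samples as $label => $request) {
    printf(
        "%-8s variable guard: %-5s constant guard: %s\n",
        $label,
        var_export(guard_variable($request), true),
        var_export(guard_constant($request), true)
    );
}

// Only the genuine admin entry script defines the constant, and it does so
// before including any shared file that tests for it.
define('FORUM_ADMIN', true);
printf(
    "after define() in the admin entry script, constant guard: %s\n",
    var_export(guard_constant($samples['ordinary']), true)
);
```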



Re: Security update (Score: 1)
by sixonetonoffun on Wednesday, February 02, 2005 @ 2:08 PM CST
Is www.techgfx.com just down for updates? Or do we need to point to somewhere else to direct people how to make this modification?

