NukeXchange Network

          

Nuke Sites Link Directory
Nuke Fixes · NukeForums · NukeZone Hosting · NukeUnited · Nuke Sites · Nuke Skins · NukeLance
Nuke Resources
 :: Home  :: Downloads  :: Your Account  :: Forums  :: Advertise :: 
Login or Register
Main Menu
General
 Main
 AvantGo
 Banner_Clients
 cfaq
 Donations
 Downloads
 Forums
 Members_List
 Private_Messages
 Search
 Stories_Archive
 Submit_News
 Surveys
 Topics
 Web_Links
 Your_Account
Your Account
 Login
 Register
 Lost Pass
Modules
Quick Links
· CMS Focus
 · Domain Names
 . Game Quest
 · Learning Linux
 . MateMaker
 · NukeFixes
 · NukeForums
 · NukeLance
 · Nuke Sites
 · Nuke Skins
 · NukeZone Hosting
. SearchDevil
Other Options

Download Resources
· Nuke Downloads
· Add a Link
· New Files
· Top Rated
· Most Popular

Web Site Resources
· Nuke Sites
· Add A Site
· New Sites
· Top Rated
· Most Popular

Support
· NukeZone Hosting
· NukeSkins.com
· NukeForums.com
· phpnuke.org
· NukeFixes.com
Information
NukeForums
·Dynamic block height
·Full Path Changes Required in Several Directories
·Members Cant Logon My Site or View Forums & Member Profi
·versign and authorize.net phpauction integration...
·Approved Membership for 8.0
·I want to use full HTML content in the welcome page...
·Changed style from subsilver, folder images now dont display
·Installing the forum upadates
·PHP-Nuke SQL Injection Vulnerability Fix
·Warning: main(db/mysql.php): failed to open stream: No such

read more...
Top10 Links
· 1: Nuke Forums
· 2: PHPNukeFiles
· 3: NukeSkins
· 4: Nuke Templates
· 5: EcomJunk
· 6: MDesign
· 7: Windows Installation: PHP
· 8: FLASH-FOR-NUKE
· 9: Dezina
· 10: Global Dream News Sharing Portal!
Site Visitors
User Login:

Nickname:
Password:
Security Code: Security Code
Type Security Code Here:

Members List Membership:
Latest: companynewbie
Today: 0
Yesterday: 2
Overall: 14890
Visitation:
Guests: 542
Members: 0
Total: 542

You are Anonymous user. You can register for free by clicking here
Sponsor Links
Game Quest Online - Games and more!
Game Quest Online - Games and more!

NukeResources :: View topic - News & Story bug [7.7/ 7.8/ - plain & patch 2.3.1]
NukeResources Forum Index

NukeResources Forum Index -> Bug Fixes -> News & Story bug [7.7/ 7.8/ - plain & patch 2.3.1]
Post new topic  Reply to topic    View previous topic :: View next topic 
News & Story bug [7.7/ 7.8/ - plain & patch 2.3.1]
PostPosted: Sun Sep 04, 2005 5:39 am Reply with quote
toolbox
Resource Seeker
Resource Seeker
 
Joined: Feb 13, 2005
Posts: 17




Have you ever added categories in "News" admin?

Only "Articles" & "News" are allowed. The others are not.
I traced HTTP::POST and found $title variable is replaced with a string "News." Therefore, except for the predefined category "Articles," all categories you are trying to add is "News." because $title is always $title = "News."

I hope that this bug appears in my case. But, I tested several times with 7.7/ 7.8/ with security patch 2.3.1. Still my case was wrong.

Fixation:
Code:

# ---- [ OPEN ] -----
#
Open /modules/News/admin/index.php file

# ---- [ FIND ] ------
#
# comments: under function AddCategory() function
#
      echo "<center><font class=\"option\"><b>"._CATEGORYADD."</b></font><br><br><br>"
      echo "<center><br>"
      ."<form action=\"".$admin_file.".php\" method=\"post\">"
      ."<b>"._CATNAME.":</b> "
      ."<input type=\"text\" name=\"titlex\" size=\"40\" maxlength=\"40\"> "
      ."<input type=\"hidden\" name=\"op\" value=\"SaveCategory\">"
      ."<input type=\"submit\" value=\""._SAVE."\">"
      ."</form></center>";
#
# --- [ FIND, INLINE ] -------
#
."<input type=\"text\" name=\"title\" size=\"40\" maxlength=\"40\"> "

#
# --- [ REPLACE, WITH] ------
#
."<input type=\"text\" name=\"cat_title\" size=\"40\" maxlength=\"40\"> "

#
# ---- [ FIND ] -----
#
      case "SaveCategory":
      SaveCategory($title);
      break;
#
# ---- [ FIND, INLINE] ------
#
SaveCategory($title);

#
# ----- [ REPLACE, WITH ] -------
#
SaveCategory($cat_title);

#
# ---- EFX
#
View user's profile Send private message
PostPosted: Mon Sep 05, 2005 12:14 am Reply with quote
Evaders99
Resource Master
Resource Master
 
Joined: May 25, 2004
Posts: 1784




Good catch!

_________________
- Star Wars Rebellion Network - Evaders Squadron Coding -

Need help? Nuke Patched Core, Coding Services, Webmaster Services
View user's profile Send private message Visit poster's website AIM Address
News & Story bug [7.7/ 7.8/ - plain & patch 2.3.1]
 NukeResources Forum Index -> Bug Fixes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT - 4 Hours  
Page 1 of 1  
  
  
 Post new topic  Reply to topic     



Powered by phpBB © 2001-2005 phpBB Group.     Theme created by Vjacheslav Trushkin.
There have been 150 unique hit(s) in the past 24 hours.
Forums ©
Need to find your IP fast?


Best viewed with a Browser
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2001 - 2007 by NukeResources.com
You can syndicate our news using the file .backend.php or ultramode.txt
PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.27 Seconds

:: Eos phpbb2 style by Cyberalien :: PHP-Nuke theme by www.nukemods.com ::