From owner-freebsd-security Sat Oct 6 18:30:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from blort.org (blort.org [208.8.184.14]) by hub.freebsd.org (Postfix) with ESMTP id 6BFC937B405 for ; Sat, 6 Oct 2001 18:30:19 -0700 (PDT)
Received: by blort.org (Postfix, from userid 1001) id 3A6DC21051; Sat, 6 Oct 2001 18:30:13 -0700 (PDT)
Date: Sat, 6 Oct 2001 18:30:13 -0700
From: Kameron Gasso
To: "Karl M. Joch"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: [Somewhat OT] PHPNuke exploit
Message-ID: <20011006183012.A64097@blort.org>
Reply-To: kgasso@blort.org
References: <02da01c14ecd$4610e8a0$0a05a8c0@ooe.kmjeuro.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <02da01c14ecd$4610e8a0$0a05a8c0@ooe.kmjeuro.com>; from k.joch@kmjeuro.com on Sun, Oct 07, 2001 at 03:13:22AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

* At 18:10PDT on 10/06/2001, Karl M. Joch wrote:
> For all running PHPNuke. There is an exploit in admin.php which allows
> copying/uploading files. There are 2 articles on www.freebsd.at.

I know this is a bit off-topic for the list, but...

IIRC, wasn't the vulnerability part of the file upload functionality in
PHP-Nuke? I disabled this (through force, before all the nice patches were
available ;) quite a while back on one of my sites, and haven't been able
to successfully exploit it myself.

The problem is, this didn't get a lot of attention - especially considering
how many sites actually do run PHP-Nuke.

There's quite a bit of info, including patches, at:

http://www.phpnuke.org/article.php?sid=2662&mode=thread&order=0&thold=0

If there are any unpatched nukers amongst us, I suggest you go grab the
available patches and secure your site _now_ before some script kiddie
defaces your page to impress his "friends", or worse, uses his newly
gained local access to your machine to gain root.

Cheers,

Kameron Gasso
kgasso@blort.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message