The following two Vulnerabilities could be sorted out only for PHP Nuke 7.5 by working at it for more than a month.
- PHPSESSID should be used instead of [user:MD5(password):language] as the cookie to enforce proper session management, which is presently confined to the PHP Bulletin Board only.
- The cookie remains the same before login, while surfing pages and after logging out, even if months have elapsed. If one could sniff the cookie of a normal user or an admin user, one could assume the admin privileges.
- I had to amplify this here once again for the simple reason that I wanted to share this with FB and Chatserv so that the PHP Nukers benefit most, as they could incorporate it in future releases and past releases by taking out an appropriate patch for the same after duly testing.
- It is too unfortunate that both of them have not responded even after I sent direct e-mails/personal messages through the forums on nukeresources, nukecops etc.
- I need to tell the complete story for people to believe me. By the way, this is not for any cheap popularity or gimmick, but the serious business of securing PHPNuke (as my website got hacked thrice within 6 months) that I am trying to explain. I want people to genuinely benefit without paying even a penny. As I have learnt for free in the last 2 and a half years and am indebted to the cause of open source, especially PHP Nuke, I want to give back whatever extra I gained.
- My official website was to be hosted on a Govt. ISP, where it was the first PHPNUKE-powered website on the Linux platform to be audited by the dedicated Security Team, housing people from various companies like RedHat, Novell, Microsoft and many others apart from IT security companies. My deadline gave me just over one month to migrate my website from the private ISP to that of the Govt. ISP as per directives received, as it was to expire within that period, necessitating renewal of the same with the private ISP, which we were forbidden due to three prior attacks on the website. Most importantly, I was told to shift to the Windows platform, which they thought was safer, and they were ready to pay a hefty amount just for security, but I strongly feel that these websites are rather attacked more as per the daily reports of the zone-h.org website, and personally I did not want to lose thousands of hours of experience devoted to learning the beautiful CMS PHP Nuke. I had to upgrade them from version 5.4 to 7.5.
- During the course of this audit, Achilles, Burp Proxy and Winhex were used (names are approximately recalled). It may be noted that the website was being checked specially for the top 10 vulnerabilities. The names and nature of the vulnerabilities are shown below, as reported the first time on completion of the security audit.
- Unvalidated Input: Safe
- Broken Access Control: Safe
- Broken Account and Session Management: Unsafe
- Cross-Site Scripting (XSS) Flaws: Safe
- Buffer Overflows: Safe
- Injection Flaws: Safe
- Error Handling Problems: Safe
- Insecure Storage: NA
- Denial of Service: Safe
- Insecure Configuration Management: NA
- But the following two vulnerabilities stopped the movement of my website from the staging server to the production server, and I had just 35 days to resolve the same. With the help of the Security Team there, and by devoting about 15 hours a day to books, forums and the server with the security audit tools deployed by them, I could succeed, and today my website based on PHPNuke 7.5 is duly patched up as explained in the following paragraphs. I felt a need to ring bells to FB and Chatserv, who in my opinion are the top two people working for the cause of PHP Nuke. In order that the patch does not reach unscrupulous hands, I wanted to make sure that it reached only safe hands. I hope that on reading this true story they may react now, and the PHP Nuke community may feel a little safer; otherwise the figures of PHPNuke websites getting hacked on a daily basis, as appear on the zone-h.org website, are very alarming and demotivating for newcomers to the PHP Nuke fraternity.
- A malicious user can escalate his privileges to become an administrator was unsafe - but no more
- A malicious user can steal username and password from memory/network was unsafe - but no more
As earlier posted:
- Firstly, PHPNuke 7.5 has been successfully patched to create sessions for normal users as well as admin users, duly seeded, and to destroy the same at server level, along with reducing the cookie time to 1 hour for a normal user and 10 minutes for an admin user. In simple words, the stolen/sniffed cookie of both admin and normal users cannot be used to assume the normal/admin user, as a unique session is created at login time and the session is destroyed along with the randomized cookie at the time of logging out.
- Secondly, the memory/network user passwords (both) have been salted to render them useless even if somebody happens to sniff/steal the user/password from the client side.
- The detailed report is being prepared for Francisco Burzi and Chatserv for incorporating in future releases, and for incorporating the same in previous versions if approved by Francisco Burzi himself. The patch is being prepared and will be sent to Francisco Burzi and Chatserv on completion for vetting and approval.
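The following PHP is an added example, not the author's patch and not PHP-Nuke code, that contrasts the fixed credential cookie criticised at the top of this post with the server-side session design described in the two points above: a random PHPSESSID issued at login, a 1 hour lifetime for normal users and 10 minutes for admins, destruction of the session at logout, and per-user salted password hashes. It assumes PHP 7.3 or later (array form of session_set_cookie_params, password_hash) and a hypothetical users() store whose two records are constructed for the example.

```php
<?php
// Added example, not PHP-Nuke code. Assumes PHP 7.3+ and a hypothetical
// users() store; both user records below are constructed for illustration.
declare(strict_types=1);

const NORMAL_USER_LIFETIME = 3600; // 1 hour, as stated in the post
const ADMIN_LIFETIME       = 600;  // 10 minutes, as stated in the post

// Constructed user store. password_hash() generates a random per-user salt,
// so the stored value is useless on its own even if it is captured.
function users(): array {
    static $users = null;
    if ($users === null) {
        $users = [
            'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'admin' => false],
            'root'  => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT), 'admin' => true],
        ];
    }
    return $users;
}

// The weak scheme the post criticises: the cookie is itself the credential.
// It never changes, so whoever captures it can replay it indefinitely.
function weak_cookie_value(string $user, string $password, string $lang): string {
    return $user . ':' . md5($password) . ':' . $lang;
}

// Hardened scheme: the cookie carries only a random PHPSESSID; identity and
// expiry live server-side. Cookie parameters must be set before session_start().
function start_session(int $lifetime): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => $lifetime,
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS, so it is not sniffable in clear
        'httponly' => true,   // not readable by page scripts
        'samesite' => 'Strict',
    ]);
    ini_set('session.use_strict_mode', '1');  // reject ids the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept PHPSESSID from the URL
    session_start();
}

function login(string $user, string $password): bool {
    $store = users();
    if (!isset($store[$user]) || !password_verify($password, $store[$user]['hash'])) {
        return false;
    }
    $isAdmin  = $store[$user]['admin'];
    $lifetime = $isAdmin ? ADMIN_LIFETIME : NORMAL_USER_LIFETIME;
    start_session($lifetime);
    // Rotate the id on login: a cookie captured before login is worthless
    // afterwards, and the old server-side record is deleted.
    session_regenerate_id(true);
    $_SESSION['user']    = $user;
    $_SESSION['admin']   = $isAdmin;
    $_SESSION['expires'] = time() + $lifetime;
    return true;
}

// Server-side expiry check, independent of what the client does with the cookie.
function current_user(): ?string {
    if (session_status() !== PHP_SESSION_ACTIVE || empty($_SESSION['user'])) {
        return null;
    }
    if (time() > $_SESSION['expires']) {
        logout();
        return null;
    }
    return $_SESSION['user'];
}

// Expire the cookie in the browser and destroy the server-side record, so a
// captured PHPSESSID no longer maps to any user.
function logout(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

The design point is that the cookie value carries no information: a normal user's cookie expires in the browser after an hour and an admin's after ten minutes, the server enforces the same limit through the `expires` field regardless of the cookie, and `session_regenerate_id(true)` plus `session_destroy()` make the pre-login and post-logout ids unusable, which is exactly the property the "months have elapsed" cookie lacked.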
Rakesh Sharma
webmaster@cdrrakesh.com

Copyright © by Commander Rakesh Sharma All Right Reserved.