-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathadv01-y3dips-2004.txt
115 lines (73 loc) · 3.42 KB
/
adv01-y3dips-2004.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
____________________ ___ ___ ________
\_ _____/\_ ___ \ / | \\_____ \
| __)_ / \ \// ~ \/ | \
| \\ \___\ Y / | \
/_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/
.OR.ID
ECHO_ADV_01$2004
---------------------------------------------------------------------------------
Author: y3dips
Date: 26 Juli 2004
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv01-y3dips-2004.txt
---------------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Php-Nuke is a popular freeware content management system, written in php by
Francisco Burzi. This CMS (Content Management System) is used on many thousands
websites, because it's freeware, easy to install and has broad set of features.
Homepage: http://phpnuke.org
Version :
tested on PHP-Nuke Web Portal System Version 6.5
and the newest free version 7.3
not tested on other version but it is possible be the same
----------------------------------------------------------------------------------
Vulnerabillities
~~~~~~~~~~~~~~~~
1. SuperUser could Delete GOD account
i dont know what is this call,
is it a bug or just a trik
but i just want to give you a clue to delete God Account in PHPNUKE ,
coz u can`t delete it from your PHPNUKE control panel,
see this page http://localhost/PHP-Nuke/admin.php?op=mod_authors
Edit Admins
dudul All Modify Info God Admin*
geblek All Modify Info Delete Author
y3dips All Modify Info Delete Author
*(GOD account can't be deleted) <------ see this note !!!!
what u need just paste this URL'z to your url box , change the path && dudul
with id of God account u want to delete. but first u have to be "Super User".
POC : y3dips is a super user , dudul its God Admin
login as y3dips and then paste this url
http://localhost/phpnuke/admin.php?op=deladmin2&del_aid=dudul
and then the dudul its gone,
it prove that , the developer dont make it "Can`t be deleted" but they just
'hide' a link to execute it.
solutions from me : be carefull to choose your super user :p
solution from vendor : not contacted yet
Clue: what i just want to tell u in this section is ,
they dont make it "cant be deleted" like the note!
2.Super user could modify God account or other super user account
it mean that super user could 'take over' God Admin account and change it to
user . super user could modify other super user and change it to user accounts
POC : as y3dips modify dudul or geblek and change permissions to user, not only that!
you can change all information and password
solutions from me : be carefull to choose your super user :p
solution from vendor : not contacted yet
clue : does phpnuke only allow or made just for one super user ?
how about in big sites and need more management from other branch or etc
----------------------------------------------------------------------------------
Shoutz:
~~~~~~~
~ echo|staff (m0by, the_day, comex, z3r0byt3, K-159*, c-a-s-e, S`to)
~ #e-c-h-o@DALNET
* : thx for the time and the spirit :)
-----------------------------------------------------------------------------------
Contact:
~~~~~~~~
y3dips || echo|staff
Homepage: http://echo.or.id/
---------------------------------- [ EOF ] -----------------------------------------