|
|
Basically there is no check on the $referer variable when inserted into the backend database. This could allow attackers to hijack the administrator's cookie that contains login and password information.
The fix should be applied to the next release of PHP-Nuke (either the current RC3 or next). The exact coding may vary pending on your version of PHP-Nuke, but look for this around line 24 of "index.php":
$referer = getenv("HTTP_REFERER");
Immediately after this line of code, add the following security filter:
$referer = htmlspecialchars(strip_tags($referer));
This will strip away those nasty Javascript tags that can currently hijack an administrators cookie when viewing the list of referers via the Admin panel in PHP-Nuke.
Again if the line of code above to find doesn't match, it may look something like this too:
$referer = $_SERVER['HTTP_REFERER'];
If that is the line you have then again, add the following line of code immediately after it:
$referer = htmlspecialchars(strip_tags($referer));
This may not only apply to PHP-Nuke as most developers tend not to think of protecting this kind of variable. So check all your web applications.
One such application that shows a list of referer's on a PHP-Nuke site is developed by Nuke Styles called MS-Analysis. No testing of this application has been done, but there may be a risk in hijacking regular user cookies if the index.php file is left unpatched. Example of MS-Analysis:
http://www.nukestyles.com/modules.php?name=MS_Analysis
Source
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
