Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PHP nuke XSS vulnerability

from [wormz . web] Network Security [Permanent Link]
Subject: Re: PHP nuke XSS vulnerability
Date: 25 Jun 2005 16:51:57 -0000 
////////////////////////////////////////
//                                    //
//              ENGLISH               //
//                                    //
////////////////////////////////////////

www.wormzweb.tk

This bug do not affect all php-nuke versions because not all versions allow 
link offsite avatars.

Php-nuke use phpbb forums so perhaps that problem affects phpbb forums too.

Solution: A simple solution meanwhile a official solution will apear is this: 

In http://yoursite/modules/Forums/admin/index.php
you can configure your forum options, in this options you can disable offsite 
avatars. This is not an official solution, is a temporal solution till an 
official will appear.

MORE INFO IN SPANISH:
http://usuarios.lycos.es/wormzweb/modules.php?name=News&file=article&sid=209

////////////////////////////////////////
//                                    //
//              ESPAÑOL               //
//                                    //
////////////////////////////////////////

www.wormzweb.tk

Este bug no afecta a todas las versiones de php-nuke ya que no todas las 
versiones permiten el enlace de avatares a imagenes externas a la web.

Php-nuke usa foros con phpbb por lo que quizá el problema sea en este tipo de 
foros y también se vean afectados.

Solución: Una solucion temporal NO OFICIAL es la siguiente mientras no aparece 
un parche ante este error.

En http://yoursite/modules/Forums/admin/index.php
se puede configurar las opciones del foro, una de estas opciones es 
deshabilitar los avatares externos, con esta opción solo se permitirá poner 
avatares internos a la web y por lo tanto no se podrá introducir el código del 
xploit.

PARA MAS INFORMACIÓN:
http://usuarios.lycos.es/wormzweb/modules.php?name=News&file=article&sid=209
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [NGSEC] AntiPharming v1.00 FREE, Ansgar -59cobalt- Wiechers
Next by Date:  [Full-disclosure] Call for Participation: Summerschool Applied IT-Security 2005, Ilja
Previous by Thread:  PHP nuke XSS vulnerability, fjlj
Next by Thread:  TSLSA-2005-0030 - multi, Trustix Security Advisor
Indexes:  [Date] [Thread] [Top] [All Lists]