Security Hole And PhpGlobals

The time now is Wed 25 Feb, 2026 19:20 • All times are UTC + 1 Hour

Page 1 of 1

Bicet Joined: August 2006 Posts: 78 Location: Venice	Security Hole And PhpGlobals If you have Register Global set to ON, there's a possible vulnerability to the Nivisec Hacks List, that could lead to the inclusion of external files: PLEASE DELETE /adm/admin_hacks_list.php We will solve the security whoops ASAP. In the meantime the deletion is the only solution. ____________ Zubr sole verde cucchiaio
6 users like this post • Share
#1 Wed 23 Aug, 2006 20:55

Sponsors	Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

zankyw Joined: August 2006 Posts: 42 Location:	Re: Security Hole And PhpGlobals Thanks for the info Bicet! I've checked it, and fortunately, I've it set to off ____________ www.LphantES.com
Share
#2 Wed 23 Aug, 2006 22:10

buldo Joined: August 2006 Posts: 474 Location: Borgo San Michele	Re: Security Hole And PhpGlobals Bicet wrote: [View Post] If you have Register Global set to ON, there's a possible vulnerability to the Nivisec Hacks List, that could lead to the inclusion of external files: PLEASE DELETE /adm/admin_hacks_list.php We will solve the security whoops ASAP. In the meantime the deletion is the only solution. Did you know if this vulnerability is in older XS too? Thanks, ____________ ~~~ Andrea ~~~ User #379756 on Linux Counter "If you can't apt-get something, it isn't useful or doesn't exist!!"
Share
#3 Wed 23 Aug, 2006 22:36

Tom Joined: August 2006 Posts: 230 Location: Dresden	Re: Security Hole and PhpGlobals buldo wrote: [View Post] Did you know if this vulnerability is in older XS too? Thanks, This is very likely, because that file hasn't changed in quite a while. ____________ No support via PM or E-Mail! FAP 3, yeah baby, yeah!
Share
#4 Wed 23 Aug, 2006 22:53

Antonio Mercurio Joined: August 2006 Posts: 59 Location:	Re: Security Hole And PhpGlobals I've told you some mounths ago! http://www.phpbbplus.it/phpbbplus/x...5709.html#15709 Search Code: [Download] [Hide] Code: [Download] [Show] $phpbb_root_path = '../'; if( !empty($setmodules) ) { include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin_hacks_list.' . $phpEx); $filename = basename(__FILE__); $module['Info']['Hacks_List'] = $filename; return; } include($phpbb_root_path . 'extension.inc'); (file_exists('pagestart.' . $phpEx)) ? include('pagestart.' . $phpEx) : include('pagestart.inc'); replache with Code: [Download] [Hide] Code: [Download] [Show] if( !empty($setmodules) ) { $filename = basename(__FILE__); $module['General']['Hacks_List'] = $filename; return; } $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); Also http://www.phpbbplus.it/phpbbplus/p...5693.html#15693 ____________ [img]http://www.mediomondo.it/appoggio/yuqlogo.jpg[/img]
Share
#5 Wed 23 Aug, 2006 23:27

Cristina Joined: August 2006 Posts: 43 Location: BDL (Milan)	Re: Security Hole And PhpGlobals Thank you Bicet, i'm going to delete the file---->/adm/admin_hacks_list.php from my site ____________ Non c'era la legge sul pericolo...
Share
#6 Thu 24 Aug, 2006 09:42

Bicet Joined: August 2006 Posts: 78 Location: Venice	Re: Security Hole and PhpGlobals Antonio Mercurio wrote: [View Post] I've told you some mounths ago! http://www.phpbbplus.it/phpbbplus/x...5709.html#15709 Search Code: [Download] [Hide] Code: [Download] [Show] $phpbb_root_path = '../'; if( !empty($setmodules) ) { include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin_hacks_list.' . $phpEx); $filename = basename(__FILE__); $module['Info']['Hacks_List'] = $filename; return; } include($phpbb_root_path . 'extension.inc'); (file_exists('pagestart.' . $phpEx)) ? include('pagestart.' . $phpEx) : include('pagestart.inc'); replache with Code: [Download] [Hide] Code: [Download] [Show] if( !empty($setmodules) ) { $filename = basename(__FILE__); $module['General']['Hacks_List'] = $filename; return; } $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); Also http://www.phpbbplus.it/phpbbplus/p...5693.html#15693 PLEASE APPLY THIS PATCH! ____________ Zubr sole verde cucchiaio
Share
#7 Thu 24 Aug, 2006 10:56

Cristina Joined: August 2006 Posts: 43 Location: BDL (Milan)	Re: Security Hole And PhpGlobals ok done! thanks to A. Mercurio ____________ Non c'era la legge sul pericolo...
Share
#8 Thu 24 Aug, 2006 11:22

Joined: August 2006
Posts: 78
Location:

Venice

Re: Security Hole and PhpGlobals

Here's the premodified file

As always you'll need to replace all files

____________
Zubr sole verde cucchiaio

#9 Thu 24 Aug, 2006 12:39

Mighty Gorgon Luca Libralato Joined: August 2006 Posts: 7192 Location: Borgo San Michele	Re: Security Hole And PhpGlobals I'm trying another way to force register_globals to OFF... we will see if it works. ____________ Luca SEARCH is the quickest way to get support. Icy Phoenix ColorizeIt - CustomIcy - HON
Share
#10 Sun 27 Aug, 2006 03:34

Dalcielo Joined: August 2006 Posts: 1	Re: Security Hole And PhpGlobals I have this: Code: [Download] [Hide] [Select] Code: [Download] [Show] if( !empty($setmodules) ) { $filename = basename(__FILE__); $module['General']['Hacks_List'] = $filename; return; } $phpbb_root_path = './../'; require($phpbb_root_path . 'extension.inc'); require('./pagestart.' . $phpEx); if (!$userdata['user_level'] == ADMIN) { message_die(GENERAL_ERROR, 'Not Authorized'); } Is the same?
Share
#11 Sun 27 Aug, 2006 12:24

Mighty Gorgon Luca Libralato Joined: August 2006 Posts: 7192 Location: Borgo San Michele	Re: Security Hole And PhpGlobals No, it's not the same thing... please apply this patch as soon as possible! http://www.phpbbxs.eu/viewtopic.php?p=1311#1311 ____________ Luca SEARCH is the quickest way to get support. Icy Phoenix ColorizeIt - CustomIcy - HON
Share
#12 Sun 27 Aug, 2006 14:57

Page 1 of 1

Icy Phoenix