php-nuke.txt

` php-nuke bug by Starman_Jones 22/08/00  
  
Disclaimer: I am not responsible for whatever you do with the knowledge  
you get from reading this advisorie. I am not telling you to go and post  
messages on sites that use PHP-nuke.  
  
Recently there was an advisory on bugtraq about An access validation error  
that exists in PHP-nuke Web Portal System. With this bug it is possible  
for a remote user to gain administrative privileges.  
http://www.target.com/admin.php3?admin=anything  
  
The above example lets you login as the administrator. But you cannot do  
anything with that url alone. When you click on anything in the  
administrator's control panel you get asked for a username and password.  
I have found a way to bypass this.  
  
http://www.example.com/admin.php3?admin=anything&op=PostAdminStory&introtext=evil%20hacker%20message  
  
The Above example lets you post a topic on the main page as an  
administrator. You can add html tags to it. And a topic.  
To seperate the text you want to display you use '%20' without the ''.  
You could also put html in the message and make the whole front page  
redirect to some other page. Anyway you get the idea.  
  
You can also edit the existing admin accounts by doing:  
http://www.example.com/admin.php3?admin=anything&op=mod_authors  
  
With &op= whatever is in teh administration menu you can control  
everything that it lets you. I will not go into anything else. I just  
wanted to show you how to post as an administrator and leave the rest up  
to you.  
  
The patch for this bug is available at:  
http://www.ncc.org.we/php-nuke.php3?op=download&location=http://download.sourceforge.net/phpnuke&file=PHP-Nuke-3.0.tar.gz  
  
You can post this text on any page as long as you give proper credit to  
me: Starman_Jones.  
  
Copyright Starman_Jones  
  
`