Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

PHP-Nuke security vulnerability (bb_smilies.php) Vulnerability Scan


Vulnerability Scan Summary
Determine if a remote host is vulnerable to the bb_smilies.php vulnerability

Detailed Explanation for this Vulnerability Test

The remote host seems to be vulnerable to a security problem in PHP-Nuke (bb_smilies.php).
The vulnerability is caused by inadequate processing of queries by PHP-Nuke's bb_smilies.php
which results in returning the content of any file we desire (the file needs to be world-readable).
A similar vulnerability in the same PHP program allows execution of arbitrary code by changing
the password of the administrator of bb_smilies.

Impact:
Every file that the webserver has access to can be read by anyone. It is
also possible to change bb_smilies' administrator password and even execute
arbitrary commands.

Solution:
Change the following lines in both bb_smilies.php and bbcode_ref.php:

if ($userdata[9] != '') $themes = 'themes/$userdata[9]/theme.php'

else $themes = 'themes/$Default_Theme/theme.php'



To:

if ($userdata[9] != '') $themes = 'themes/$userdata[9]/theme.php'

else $themes = 'themes/$Default_Theme/theme.php'

if ( !(strstr(basename($themes),'theme.php')) || !(file_exists($themes)) ){
echo 'Invalid Theme'
exit
}
include ('$themes')



Or upgrade to the latest version (Version 4.4.1 and above).

Threat Level: Medium

Additional information:
http://www.securiteam.com/securitynews/Serious_security_hole_in_PHP-Nuke__bb_smilies_.html

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.