|
XSS security warning for myPHPNuke sites running version 1.8.8_7 and older
|
|
 |
Posted on Sunday, February 26 2006 @ 05:10:27 CETby avw
|
|
|
On February 22nd, 2006, a new security advisory was issued regarding existing vulnerabilities in myPHPNuke 1.8.8. We were correctly informed by Mustafa Can Bjorn who has discovered these vulnerabilities.
The developmentteam have taken prompt action to investigate this issue. It turns out to be a security advisory geared to old, outdated versions of myPHPNuke. Nevertheless, because a number of websites are still running old, out-dated and no longer supported versions of myPHPNuke, the security alert is still valid for those websites.
All websites that are running myPHPNuke version 1.8.8_8 (released in fall 2003!) and newer are safe. You can test your own website(s) to see if they are safe or not by executing those tricky URL's against your own website. When your website responds with the text "! Action Denied !" the attack is catched and handled properly by denying the attacker access to your website for that malicious URL.
If your website is running versions of myPHPNuke 1.8.8_7 or older, we urgently request you to update your site as soon as possible. This request was first issued in fall 2003 and is still valid. This recent discovery shows that still too many websites are running vulnerable code and you as website owner are responsible for that. We have provided you in time with more secure versions of the portal code.
If you have more questions, feel free to discuss this in our forum.
The MPN developmentteam
Related websites:
http://www.securityfocus.com/bid/16815/info
http://www.nukedx.com/?viewdoc=12
|
|
| |
|
|
|
|
|
|
Security
|
|
|
|
Comments
by Anonymous on Monday, May 22 2006 @ 07:09:17 CEST
fdhgdh fh f