Use exploit PHP-Nuke CAPTCHA bypass3.html which I published. Download it and setup it (e.g. set site’s URL in source code).

I also removed the “Quake Fix” on my official site and tried the 4 exploits but they didn’t work; maybe my phph version there isn’t vulnerable … (running PN 7.8 I think).

Man, as KrasivayaSvo wrote above, versions PHP-Nuke < 7.9 are vulnerable. So it’s interesting why exploits don’t work at your site. But he tested at different PN versions except 7.8, so maybe this one is not vulnerable (or you have 7.9 or other version).

in 8.1 it will anyways.

So for now we’ll be recommending to use your solution (with putting $gfx_chk to global) to fix these Insufficient Anti-automation holes.

I finally did some more tries on my local server and without that $gfx_chk added a new user was created on the site; when I added it I got an error saying the security code isn’t correct (normal coz it wasn’t checked before).

I couldn’t find that Quake thing thingy on my local 8.1 so I suppose it isn’t there :p

I also removed the “Quake Fix” on my official site and tried the 4 exploits but they didn’t work; maybe my phph version there isn’t vulnerable … (running PN 7.8 I think).

I would appreciate if others did try it out to see if adding gfx_chk to gloabls fixes the problem; but I think it will … in 8.1 it will anyways

Like I said before, KrasivayaSvo trick will not help with Insufficient Anti-automation hole, because referer checking can be bypassed. But this trick is anti CSRF filter, so it stop my PHP-Nuke exploits (all 3 exploits), because they not designed to bypass anti CSRF. You need to use exploit with bult-in anti CSRF bypassing to test at your sites.

I must say I get that “KrasivayaSvo warning (see code above)” on my official site and the local PN 8.1 site

It’s why you have this warning and why exploits don’t work - because of anti CSRF filter. So you need to remove this anti CSRF code from your site (for example at localhost) to check my exploits or to make new exploit with anti CSRF bypassing function to check at your current sites.

I wrote many times at my site about such exploits. You need to use script languages to make such program (Perl, PHP or others) - you can use any of my perl exploits (with anti CSRF bypassing), which I published in MoBiC project, and make from it exploit for PHP-Nuke. To find out if your suggestion is working.

I tried all our exploits (this one and the two others) but no new user was created.

I must say I get that “KrasivayaSvo warning (see code above)” on my official site and the local PN 8.1 site, but I am pretty sure adding “$gfx_chk” to both functions solves that problem.

I found out that users could register even if “gfx_check” & “random_num” were different while adding some mods to my site. After searching were the problem came from I found out “$gfx_chk” was empty (echoed all values) and that made me decide to add “$gfx_chk” to global for both functions. After that only “gfx_check = random_num” registrations seems to pass.

Hope someone with version without “KrasivayaSvo warning” can try it out (for example with same version of PN as for phpnuke.org)

Greetz

Did you checked only on this exploit (MoBiC-10 Bonus) or on two others PHP-Nuke CAPTCHA bypass exploits (MoBiC-10) also? It’s interesting to know if your patch fix one hole or both Insufficient Anti-automation holes.

I just tried on my local PN 8.1 install which I patched and it didn’t work anymore … if others can confirm it solved the problem I think this is the bugfix

Greetz

Thanks for your suggestion.

As I told KrasivayaSvo before, referer checking will not help with Insufficient Anti-automation hole, because this checking can be bypassed. Hope your sugestion will fix this vulnerability in PHP-Nuke.

More info below:

QUOTE

Hi all,

There seems to be a bug in PhpNuke 8.1 …

At the “New User” registration the “security code” seems not to be checked when registering … entering wrong code doesn’t affect anything …

I could solve the problem by simple adding “$gfx_chk” at the end of the “global …. ” line in “Modules/Your_Account/index.php” for function “confirmNewUser” & “finishNewUser”.

Hope this helps you guys out

/QUOTE