Disabling the ”Security Code” feature of PHP-Nuke

Run the following commands:

cd /www/docs/mydomain.com/
grep -R “extension_loaded(“gd”)” * | awk -F”:” ‘{print $1}’ | sort | uniq

Wait at least 30 seconds. It’s searching all the files in this directory. Each of the files returned will contain the string ‘extension_loaded(“gd”)’, which must be replaced with “0” to make those IF statments false. For example, admin.php contains the line:

if (extension_loaded(“gd”) AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {

Modify it so that it says this:

if (0 AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {

If you are leet, and know VI, a simple replace command would be:

:1,$s/extension_loaded(“gd”)/0/g

And that should be it!