[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY8-F36lnJ2IKkVmkL00064b31@hotmail.com>
From: k1ll3rb0y at hotmail.com (Dark Bicho)
Subject: Multiple vulnerabilities PHP-Nuke
original advisory : http://bichosoft.webcindario.com/advisory-05.txt
-------------------------------------------------------------------------------------------------
:.: Multiple vulnerabilities PHP-Nuke :.:
PROGRAM: PHP-Nuke
HOMEPAGE: http://phpnuke.org/
VERSION: 6.x, 7.2, 7.3
BUG: Multiple vulnerabilities
DATE: 14/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Email: darkbicho@...u.com
-------------------------------------------------------------------------------------------------
1.- Affected software description:
-----------------------------
Php-Nuke is a popular content management system, written in php by
Francisco Burzi.
2.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='DarkBicho
Warning: date(): Windows does not support dates prior to midnight
(00:00:00),
January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on
line 527
B. Cross-Site Scripting aka XSS:
:.: id :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a
<input type=hidden name=id value='>
:.: title :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>DarkBicho</h1&title=a
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=<h1>DarkBicho</h1>
3.- SOLUTION:
????????
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PHP-NUKE website for updates and official release details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@...u.com
-------------------------------------------------------------------------------------------------
___________ ____________
/ _____/ \ / \______ \
\_____ \\ \/\/ /| ___/
/ \\ / | |
/_______ / \__/\ / |____|
\/ \/
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF
]----------------------------------------------
_________________________________________________________________
Consigue aqu? las mejores y mas recientes ofertas de trabajo en Am?rica
Latina y USA: http://latam.msn.com/empleos/
Powered by blists - more mailing lists