[19167] in bugtraq
Re: Fwd: Re: phpnuke, security problem...
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Mon Feb 12 22:36:24 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20010212210410.F55386@dataloss.nl>
Date: Mon, 12 Feb 2001 21:04:10 +0100
Reply-To: Peter van Dijk <peter@DATALOSS.NL>
From: Peter van Dijk <peter@DATALOSS.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200102121107.LAA28607@srvlis11.teleweb.pt>; from
tharbad@KAOTIK.ORG on Mon, Feb 12, 2001 at 11:07:15AM -0000
On Mon, Feb 12, 2001 at 11:07:15AM -0000, Joao Gouveia wrote:
[snip]
> > > Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
You can actually insert any URL instead of "/etc/passwd" and have it
read. Depending on the server's configuration, this could be abused to
execute PHP code, probably, and from that, any UNIX shell command.
The author obviously doesn't care about security.
Greetz, Peter.
