[19200] in bugtraq
Re: Fwd: Re: phpnuke, security problem...
daemon@ATHENA.MIT.EDU (=?us-ascii?Q?Thomas_J._Stensas?=)
Tue Feb 13 20:04:41 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <ODECKPJIFNBKNFLKPHIFMEHKCBAA.ShadowMaster@Shadow-Realm.org>
Date: Tue, 13 Feb 2001 11:37:58 +0100
Reply-To: "=?us-ascii?Q?Thomas_J._Stensas?=" <ShadowMaster@SHADOW-REALM.ORG>
From: "=?us-ascii?Q?Thomas_J._Stensas?=" <ShadowMaster@SHADOW-REALM.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010212210410.F55386@dataloss.nl>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greets.
This problem is known and fixed by the author and a patched
opendir.php file have been made availible for download from the
phpnuke home site.
phpnuke home: http://www.phpnuke.org/
Patched opendir.php:
http://www.phpnuke.org/download.php?op=mydown&did=64
- --
Yours Sincerely
Thomas Juberg Stensas (ShadowMaster/HAMLET @ IRC)
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
> Peter van Dijk
> Sent: Monday, February 12, 2001 9:04 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: Fwd: Re: phpnuke, security problem...
>
>
> On Mon, Feb 12, 2001 at 11:07:15AM -0000, Joao Gouveia wrote:
> [snip]
> > > > Example:
> > > > http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
>
> You can actually insert any URL instead of "/etc/passwd" and have
> it read. Depending on the server's configuration, this could be
> abused to execute PHP code, probably, and from that, any UNIX shell
> command.
>
> The author obviously doesn't care about security.
>
> Greetz, Peter.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOokAddmibtokx6KuEQKuZwCgrauPSZwlwRo657YRoHUATjAQEtQAoMIW
JVHbb1Rt3IU/ZPKVhYdmuwTM
=meWh
-----END PGP SIGNATURE-----
