[28304] in bugtraq
PHPNuke 6.0 path disclosure [again]
daemon@ATHENA.MIT.EDU (Ing. Bernardo Lopez)
Mon Dec 23 15:36:45 2002
From: "Ing. Bernardo Lopez" <bloodk@prodigy.net.mx>
To: bugtraq@securityfocus.com
In-Reply-To: <F141x7FHpOQIkxlrGoc000107f6@hotmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Date: 22 Dec 2002 05:27:48 -0600
Message-Id: <1040556468.9939.8.camel@capskiller.localdomain>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Informations :
°°°°°°°°°°°°°°
Product : PHP-Nuke
Version : 6.0 (other versions not tested jet)
Website : http://www.phpnuke.org
Problems :
- Path Disclosure
Hi all, here is other path disclosure vulneravilitie in phpnuke 6.0:
xploit:
http://target.com/modules.php?name=Your_Account&op=userinfo&uname=
If the module "your acount" is enabled (i guess ALL phpnuke users have
it enabled) and is for all user may see that url... then that bug is
enabled, if you put "your acount" as only registred/administrator
users... then nobody can create a new acount...
Any hints to correct this bug?
Also i have tested it on phpnuke.org and it is vulnerable to... other
phpnuke based's web are also vuln...
Have a nice day, and sorry by my bad english... :) also sorry by using
the header of the report of Frog Man, but i dont know which is the
correct format to send this kind of stuff.
