[29472] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: PHPNuke viewpage.php allows Remote File retrieving

daemon@ATHENA.MIT.EDU (Jim Geovedi)
Tue Mar 25 15:46:04 2003

Date: Wed, 26 Mar 2003 02:28:21 +0700
From: Jim Geovedi <negative@magnesium.net>
To: bugtraq@securityfocus.com
Message-Id: <20030326022821.48e4e54f.negative@magnesium.net>
In-Reply-To: <3E8098FE.3070808@war-ensemble.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:
> > viewpage.php is a part of PHPNuke.
> > The Script allows an attacker to view all files on the System.
> > 
> > Example:
> > 
> > http://server.com/viewpage.php?file=/etc/passwd
> 
> umm, what version of phpNuke is vulnerable to this? as far as I'm
> aware, there has not been any viewpage.php since before 5.0...
> 
> I beleive this was reported then as well. 
> reguardless, this is not true with 6.0

it's repeatable on PHP-Nuke 6.5.

-- 
	Jim Geovedi <negative@magnesium.net>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29472] in bugtraq

Re: PHPNuke viewpage.php allows Remote File retrieving

daemon@ATHENA.MIT.EDU (Jim Geovedi)Tue Mar 25 15:46:04 2003

daemon@ATHENA.MIT.EDU (Jim Geovedi)
Tue Mar 25 15:46:04 2003