[29495] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: PHPNuke viewpage.php allows Remote File retrieving

daemon@ATHENA.MIT.EDU (Tonu Samuel)
Wed Mar 26 17:47:54 2003

From: Tonu Samuel <tonu@please.do.not.remove.this.spam.ee>
To: bugtraq@securityfocus.com
In-Reply-To: <20030326022821.48e4e54f.negative@magnesium.net>
Content-Type: text/plain; charset=ISO-8859-1
Date: 26 Mar 2003 09:26:08 +0200
Message-Id: <1048663568.1565.30.camel@linux>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit

On Tue, 2003-03-25 at 21:28, Jim Geovedi wrote:
> On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:
> > > viewpage.php is a part of PHPNuke.
> > > The Script allows an attacker to view all files on the System.
> > > 
> > > Example:
> > > 
> > > http://server.com/viewpage.php?file=/etc/passwd

Not repeatable with 6.0

  Tõnu


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29495] in bugtraq

Re: PHPNuke viewpage.php allows Remote File retrieving

daemon@ATHENA.MIT.EDU (Tonu Samuel)Wed Mar 26 17:47:54 2003

daemon@ATHENA.MIT.EDU (Tonu Samuel)
Wed Mar 26 17:47:54 2003