[30188] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

PHP-Nuke module PHP-Banner-Exchange path disclosure

daemon@ATHENA.MIT.EDU (Lorenzo Manuel Hernandez Garcia-Hi)
Tue May 20 16:43:08 2003

Date: 18 May 2003 10:14:12 -0000
Message-ID: <20030518101412.20825.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Lorenzo Manuel Hernandez Garcia-Hierro <security@lorenzohgh.com>
To: bugtraq@securityfocus.com



-------
Product: PHP-Nuke
Vendor: F.Burzi
Module:  PHP-Banner Exchange
Version: 1.2
-------

Accessing directly to the PHP Banner Exchange module and without a 
specified file :

http://[target]/modules/phpbannerexchange/ 

( phpbannerexchange module directory )
 
you get this:

Warning: main(mainfile.php) [function.main]: failed to create stream: No 
such file or directory in /home/phpnuke-
/public_html/modules/phpbannerexchange/index.php on line 20

Fatal error: main() [function.main]: Failed opening 
required 'mainfile.php' (include_path='') in /home/phpnuke-
/public_html/modules/phpbannerexchange/index.php on line 20

(Paths related your local paths in your server)

---------
SOLUTION:
---------
Configure your php.ini errors flags or by hand-editing the original 
module files .


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30188] in bugtraq

PHP-Nuke module PHP-Banner-Exchange path disclosure

daemon@ATHENA.MIT.EDU (Lorenzo Manuel Hernandez Garcia-Hi)Tue May 20 16:43:08 2003

daemon@ATHENA.MIT.EDU (Lorenzo Manuel Hernandez Garcia-Hi)
Tue May 20 16:43:08 2003