Bugtraq mailing list archives

Multiple vulnerabilities PHP-Nuke

From: "Dark Bicho" <k1ll3rb0y () hotmail com>
Date: Mon, 07 Jun 2004 16:30:38 -0500

original advisory : http://bichosoft.webcindario.com/advisory-05.txt

-------------------------------------------------------------------------------------------------

                           :.: Multiple vulnerabilities PHP-Nuke :.:

 PROGRAM: PHP-Nuke
 HOMEPAGE: http://phpnuke.org/
 VERSION: 6.x, 7.2, 7.3
 BUG: Multiple vulnerabilities
 DATE:  14/05/2004
 AUTHOR: DarkBicho
         web: http://www.darkbicho.tk
         team: Security Wari Proyects <www.swp-zone.org>
         Email: darkbicho () peru com

-------------------------------------------------------------------------------------------------


1.- Affected software description:
   -----------------------------

   Php-Nuke is a popular content management system, written in php by
   Francisco Burzi.

2.- Vulnerabilities:
   ---------------

A. Full path disclosure:

   This vulnerability would allow a remote user to determine the full

path to the web root directory and other potentially sensitiveinformation.


   :.: Examples:

http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='DarkBicho

Warning: date(): Windows does not support dates prior to midnight(00:00:00),January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php online 527


B. Cross-Site Scripting aka XSS:

   :.: id :

*http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a


   <input type=hidden name=id value='>

   :.: title :

*http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a


   :.: Examples:

http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>DarkBicho</h1&title=ahttp://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=<h1>DarkBicho</h1>



3.- SOLUTION:
    ¨¨¨¨¨¨¨¨

Vendors were contacted many weeks ago and plan to release a fixedversion soon.

   Check the PHP-NUKE website for updates and official release details.


4.- Greetings:
   ---------

   greetings to my Peruvian group swp and perunderforce :D
   "EL PISCO ES Y SERA PERUANO"


5.- Contact
   -------

        WEB: http://www.darkbicho.tk
        EMAIL: darkbicho () peru com

-------------------------------------------------------------------------------------------------
                               ___________      ____________
                              /   _____/  \    /  \______   \
                              \_____  \\   \/\/   /|     ___/
                             /        \\        / |    |
                            /_______  / \__/\  /  |____|
                            \/       \/

                               Security Wari Projects
                                 (c) 2002 - 2004
                                    Made in Peru

----------------------------------------[ EOF]----------------------------------------------


_________________________________________________________________

Consigue aquí las mejores y mas recientes ofertas de trabajo en AméricaLatina y USA: http://latam.msn.com/empleos/

Current thread:

Multiple vulnerabilities PHP-Nuke Dark Bicho (Jun 07)
- RE: Multiple vulnerabilities PHP-Nuke Jeruvy (Jun 08)
- <Possible follow-ups>
- Re: Multiple vulnerabilities PHP-Nuke Squid (Jun 10)
  - RE: Multiple vulnerabilities PHP-Nuke Jeruvy (Jun 12)