Bugtraq mailing list archives
Re: PHPNuke viewpage.php allows Remote File retrieving
From: <admin () gaylenandmargie com>
Date: 25 Mar 2003 21:57:26 -0000
In-Reply-To: <20030326022821.48e4e54f.negative () magnesium net>
From: Jim Geovedi <negative () magnesium net> To: bugtraq () securityfocus com Subject: Re: PHPNuke viewpage.php allows Remote File retrieving Message-Id: <20030326022821.48e4e54f.negative () magnesium net> In-Reply-To: <3E8098FE.3070808 () war-ensemble com> References: <20030325163207.13063.qmail () www securityfocus com> <3E8098FE.3070808 () war-ensemble com> Organization: Will Work For Bandwidth, Inc. X-Mailer: Superunknown. Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:viewpage.php is a part of PHPNuke. The Script allows an attacker to view all files on the System. Example: http://server.com/viewpage.php?file=/etc/passwdumm, what version of phpNuke is vulnerable to this? as far as I'm aware, there has not been any viewpage.php since before 5.0... I beleive this was reported then as well. reguardless, this is not true with 6.0it's repeatable on PHP-Nuke 6.5. -- Jim Geovedi <negative () magnesium net>
I have the vanilla 6.5 and there is no viewpage.php file in the package that I can find. Are you sure that this isn't in an addon? Or possibly left over from a previous version that was never cleared out when phpnuke was updated?
Current thread:
- PHPNuke viewpage.php allows Remote File retrieving Zero_X www . lobnan . de Team (Mar 25)
- Re: PHPNuke viewpage.php and another SQL injections Tibor Pittich (Mar 25)
- Re: PHPNuke viewpage.php allows Remote File retrieving DaiTengu (Mar 25)
- Re: PHPNuke viewpage.php allows Remote File retrieving Jim Geovedi (Mar 25)
- Re: PHPNuke viewpage.php allows Remote File retrieving Christopher Warner (Mar 26)
- Re: PHPNuke viewpage.php allows Remote File retrieving Tonu Samuel (Mar 26)
- Re: PHPNuke viewpage.php allows Remote File retrieving Jim Geovedi (Mar 25)
- <Possible follow-ups>
- Re: PHPNuke viewpage.php allows Remote File retrieving admin (Mar 26)
- Re: PHPNuke viewpage.php allows Remote File retrieving Kevin (Mar 27)
- Re: PHPNuke viewpage.php allows Remote File retrieving admin (Mar 27)