PHP-Nuke Downloads Module show Variable Path Disclosure

2004-05-05T04:07:25
ID OSVDB:5913
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-05-05T04:07:25

Description

Vulnerability Description

PHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user submits an HTTP request using the variable "show" to elicit an error message from the [victim], which will disclose absolute path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/nuke72/modules.php?name=Downloads&d_op=viewdownload&cid=2&show=foobar

yields: Warning: Division by zero in D:\apache_wwwroot\nuke72\modules\Downloads\index.php
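
A response-body check for the error shown in the testing notes, as an added example that is not part of the original advisory: it flags PHP error messages that reveal an absolute filesystem path. The function name, the regular expression and the sample responses are constructed for illustration; the first sample reuses the warning text quoted above.

```python
import html
import re

# PHP error banner: "<Level>: <message> in <absolute path>[ on line N]".
# Matches Windows drive paths (D:\...) and Unix paths (/var/...).
# Assumption: paths contain no spaces; a path with spaces is cut at the first one.
PHP_ERROR_RE = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error|Deprecated)\s*:\s*"
    r"(?P<message>.+?)\s+in\s+"
    r"(?P<path>(?:[A-Za-z]:\\|/)[^\s<>\"']+)"
    r"(?:\s+on\s+line\s+(?P<line>\d+))?",
    re.IGNORECASE,
)
TAG_RE = re.compile(r"<[^>]+>")

# Constructed sample responses (not captured traffic).
SAMPLE_PLAIN = (r"<html><body>Warning: Division by zero in "
                r"D:\apache_wwwroot\nuke72\modules\Downloads\index.php</body></html>")
SAMPLE_HTML = ("<br />\n<b>Warning</b>:  Division by zero in "
               "<b>/var/www/html/modules/Example/index.php</b> on line <b>42</b><br />")
SAMPLE_CLEAN = "<p>Warning: downloads may be slow in peak hours.</p>"


def find_path_disclosures(body):
    """Return one dict per PHP error message in `body` that leaks an absolute path."""
    # PHP may wrap parts of the message in <b> tags, so strip markup first.
    text = html.unescape(TAG_RE.sub("", body))
    findings = []
    for m in PHP_ERROR_RE.finditer(text):
        path = m.group("path")
        sep = "\\" if "\\" in path else "/"
        findings.append({
            "level": m.group("level"),
            "message": m.group("message"),
            "path": path,
            "directory": path.rsplit(sep, 1)[0],  # what the leak reveals about layout
            "line": int(m.group("line")) if m.group("line") else None,
        })
    return findings


if __name__ == "__main__":
    for name, body in [("plain", SAMPLE_PLAIN), ("html", SAMPLE_HTML), ("clean", SAMPLE_CLEAN)]:
        print(name, find_path_disclosures(body))
```
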

References:

Vendor URL: http://phpnuke.org
Secunia Advisory ID: 11553
Related OSVDB ID: 5914
Related OSVDB ID: 5915
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=27
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0230.html
CVE-2004-1998