PHP-Nuke NukeJokes Module Path Disclosure

2004-05-08T05:09:31
ID OSVDB:6011
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-05-08T05:09:31

Description

Vulnerability Description

NukeJokes contains a flaw that may lead to unauthorized information disclosure. The module uses the user-supplied "jokeid" and "cat" GET parameters without validating them, so a non-numeric value (the manual tests below use "foobar") provokes PHP error output; requesting modules/NukeJokes/mainfunctions.php directly, outside the PHP-Nuke front controller, has the same effect. Because PHP error messages include the absolute path of the script that raised them, a remote attacker can learn the web root and installation path of the site from a single crafted GET request, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required, as there is no known workaround within the module itself. Independently of the upgrade, a production PHP host should not send error output to clients (display_errors = Off and log_errors = On in php.ini); that keeps the path out of the HTTP response but does not correct the missing input validation.

Short Description

Unvalidated "jokeid" and "cat" GET parameters in the PHP-Nuke NukeJokes module trigger PHP error messages that disclose the installation path to a remote attacker.

Manual Testing Notes

http://[victim]/nuke72/modules/NukeJokes/mainfunctions.php
http://[victim]/nuke72/modules.php?name=NukeJokes&func=JokeView&jokeid=foobar
http://[victim]/nuke72/modules.php?name=NukeJokes&func=CatView&cat=foobar

References:

Vendor URL: http://funportal.beanwebb.com/
Security Tracker: 1010102
Secunia Advisory ID: 11579
Related OSVDB ID: 6013
Related OSVDB ID: 6012
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=28
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0067.html
ISS X-Force ID: 16094
CVE-2004-2009