phpnukeEKO.txt

2002-03-14T00:00:00
ID PACKETSTORM:25885
Type packetstorm
Reporter Patryk K.
Modified 2002-03-14T00:00:00

Description

                                        
// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. (echo7) //
// patryk@newyork.com http://nyshock.hypermart.net //  
// efnet #dna //  
  
PHP Nuke can expose the full path, beginning with the root dir,
which can be used to plan further attacks against a vulnerable
website. Disclosing information like this can give an attacker an idea of
how badly PHP Nuke processes calls derived from the php-nuke system.
  
Here's an example:
  
http://example.com/modules.php?op=modload&name=0&file=0  
  
will return:  
  
Warning: Failed opening 'modules/0/0.php' for inclusion (include_path='.:/usr/local/lib/php')  
in /users/thisuser/example.com/modules.php on line 23  
  
  
  
  
I didn't have enough time to play around with it, so I decided to
post it as it is. Also, where name=0 the 0 will show in the path, so I guess
PHP code insertion would work?
  
If you have comments or questions, email me :)
  
Solution:
  
php-nuke developers should have some patches coming :)  
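
A defensive sketch of the missing check, added here as an example (it is not PHP-Nuke's code and not part of the original advisory). It assumes PHP 7.1+ and the `modules/<name>/<file>.php` layout visible in the warning above; `resolve_module_path` is a hypothetical helper name.

```php
<?php
// Added example: hypothetical hardened loader, not PHP-Nuke's modules.php.
// Assumed layout (taken from the warning text): modules/<name>/<file>.php

// Keep PHP warnings out of the HTTP response; send them to the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return the absolute path of the requested module file, or null if the
 * request does not name an existing file under $modulesDir.
 */
function resolve_module_path(string $modulesDir, $name, $file): ?string
{
    // Only plain identifiers: no slashes, dots, NUL bytes or URL schemes.
    foreach ([$name, $file] as $part) {
        if (!is_string($part) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $part)) {
            return null;
        }
    }

    $base = realpath($modulesDir);
    if ($base === false) {
        return null;
    }

    // realpath() returns false for a missing file, so include is never
    // attempted on a path that would raise a "Failed opening" warning.
    $sep  = DIRECTORY_SEPARATOR;
    $path = realpath($base . $sep . $name . $sep . $file . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }

    // Containment check: a symlink must not lead outside modules/.
    if (strncmp($path, $base . $sep, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_module_path(__DIR__ . '/modules', $_GET['name'] ?? null, $_GET['file'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit('Module not found.'); // generic message, no filesystem details
}
include $path;
```

With this in place, the `name=0&file=0` request from the report passes the character check but fails the `realpath()` lookup, so the response is a generic 404 with no path in it.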