Reporter Patryk K.
`// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. (echo7) //
// email@example.com http://nyshock.hypermart.net //
// efnet #dna //
PHP Nuke can expose full Path beginning with root dir
Which can be used to plan further attack against a Vulnerable
website, Disposing Information as such can give attacker idea
how badly PHP nuke processes calls devried from php-nuke system
Warning: Failed opening 'modules/0/0.php' for inclusion (include_path='.:/usr/local/lib/php')
in /users/thisuser/example.com/modules.php on line 23
I didn't have enough time to play around with it so i decided to
post it as it is, also where name=0 the 0 will show in path so I guess
PHP code insertion would work ?
If you have comments questions email me :)
php-nuke developers should have some patches coming :)