Type packetstorm
Reporter Patryk K.
Modified 2002-03-14T00:00:00


                                            `// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. (echo7) //  
// //  
// efnet #dna //  
PHP Nuke can expose full Path beginning with root dir   
Which can be used to plan further attack against a Vulnerable   
website, Disposing Information as such can give attacker idea  
how badly PHP nuke processes calls devried from php-nuke system  
here's example  
will return:  
Warning: Failed opening 'modules/0/0.php' for inclusion (include_path='.:/usr/local/lib/php')  
in /users/thisuser/ on line 23  
I didn't have enough time to play around with it so i decided to   
post it as it is, also where name=0 the 0 will show in path so I guess  
PHP code insertion would work ?  
If you have comments questions email me :)  
Solution :  
php-nuke developers should have some patches coming :)