Lucene search
phpnukeEKO.txt
PHP Nuke 5.X path disclosure vulnerability exposes root directory, posing threat to security.
Show more
`// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. (echo7) //
// [email protected] http://nyshock.hypermart.net //
// efnet #dna //
PHP Nuke can expose full Path beginning with root dir
Which can be used to plan further attack against a Vulnerable
website, Disposing Information as such can give attacker idea
how badly PHP nuke processes calls devried from php-nuke system
here's example
http://example.com/modules.php?op=modload&name=0&file=0
will return:
Warning: Failed opening 'modules/0/0.php' for inclusion (include_path='.:/usr/local/lib/php')
in /users/thisuser/example.com/modules.php on line 23
I didn't have enough time to play around with it so i decided to
post it as it is, also where name=0 the 0 will show in path so I guess
PHP code insertion would work ?
If you have comments questions email me :)
Solution :
php-nuke developers should have some patches coming :)
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 Mar 2002 00:00Current
7.4High risk
Vulners AI Score7.4