ID SECURITYVULNS:DOC:7827Type securityvulnsReporter SecurityvulnsModified 2005-02-15T00:00:00
Description
{================================================================================}
{ [waraxe-2005-SA#040]
Author: Janek Vind "waraxe"
Date: 14. February 2005
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-40.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Php-Nuke is a popular opensource content management
system, written in php by
Francisco Burzi. This CMS is used on many thousands
websites, because it's
freeware, easy to install and manage and has broad set
of features.
Homepage: http://phpnuke.org
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A - Full Path Disclosure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A1 - full path disclosure in "db/db.php":
http://localhost/nuke75/db/db.php
Fatal error: Cannot instantiate non-existent class:
sql_db in D:\apache_wwwroot\nuke75\db\db.php
on line 86
A2 - full path disclosure in "mainfile.php":
http://localhost/nuke75/index.php?inside_mod=1
Warning: main(../../config.php): failed to open
stream:
No such file or directory in
D:\apache_wwwroot\nuke75\mainfile.php
on line 103
Fatal error: main(): Failed opening required
'../../config.php'
(include_path='.;c:\php4\pear') in
D:\apache_wwwroot\nuke75\mainfile.php
on line 10
A3 - full path disclosure in
"modules/Downloads/index.php":
http://localhost/nuke75/modules.php?name=Downloads&d_op=menu
error: Call to undefined function: opentable() in
D:\apache_wwwroot\nuke75\modules\Downloads\index.php
on line 75
A4 - full path disclosure in
"modules/Web_Links/index.php":
http://localhost/nuke75/modules.php?name=Web_Links&l_op=menu
Fatal error: Call to undefined function: opentable()
in
D:\apache_wwwroot\nuke75\modules\Web_Links\index.php
on line 65
B - Cross-Site Scripting aka XSS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
B1 - xss in "/modules/Downloads/index.php":
http://localhost/nuke75/modules.php?name=Downloads&d_op=NewDownloads
&newdownloadshowdays=[xss code here]
B2 - xss in "/modules/Web_Links/index.php":
http://localhost/nuke75/modules.php?name=Web_Links&l_op=NewLinks
&newlinkshowdays=[xss code here]
How to fix:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to fix those bugs -
http://www.waraxe.us/forums.html
Additional resources:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Base64 encoder and decoder -
http://base64-encoder-online.waraxe.us/
SiteMapper - free php script for phpNuke powered
websites -
new version 0.2 available for download -
http://sitemapper.waraxe.us/
Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greets to icenix, Raido Kerna, g0df4th3r and
slimjim100!
Tervitused - Heintz!
Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
come2waraxe@yahoo.com
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/
---------------------------------- [ EOF ]
Do you Yahoo!?
Yahoo! Mail - Easier than ever with enhanced search. Learn more.
http://info.mail.yahoo.com/mail_250
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
{"id": "SECURITYVULNS:DOC:7827", "bulletinFamily": "software", "title": "[Full-Disclosure] [waraxe-2005-SA#040] - Full path disclosure and XSS in PhpNuke 6.x-7.6", "description": "\r\n\r\n{================================================================================}\r\n{ [waraxe-2005-SA#040] \r\n }\r\n{================================================================================}\r\n{ \r\n }\r\n{ [ Full path disclosure and XSS in\r\nPhpNuke 6.x-7.6 ] }\r\n{ \r\n }\r\n{================================================================================}\r\n \r\n \r\n \r\nAuthor: Janek Vind "waraxe"\r\nDate: 14. February 2005\r\nLocation: Estonia, Tartu\r\nWeb: http://www.waraxe.us/advisory-40.html\r\n\r\n\r\nTarget software description:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nPhp-Nuke is a popular opensource content management\r\nsystem, written in php by\r\nFrancisco Burzi. This CMS is used on many thousands\r\nwebsites, because it's \r\nfreeware, easy to install and manage and has broad set\r\nof features.\r\n\r\nHomepage: http://phpnuke.org\r\n\r\n\r\nVulnerabilities:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\n\r\nA - Full Path Disclosure\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nA1 - full path disclosure in "db/db.php":\r\n\r\nhttp://localhost/nuke75/db/db.php\r\n\r\nFatal error: Cannot instantiate non-existent class:\r\nsql_db in D:\apache_wwwroot\nuke75\db\db.php\r\non line 86\r\n\r\n\r\nA2 - full path disclosure in "mainfile.php":\r\n\r\nhttp://localhost/nuke75/index.php?inside_mod=1\r\n\r\nWarning: main(../../config.php): failed to open\r\nstream:\r\nNo such file or directory in\r\nD:\apache_wwwroot\nuke75\mainfile.php\r\non line 103\r\n\r\nFatal error: main(): Failed opening required\r\n'../../config.php' \r\n(include_path='.;c:\php4\pear') in\r\nD:\apache_wwwroot\nuke75\mainfile.php\r\non line 10\r\n\r\n\r\nA3 - full path disclosure in\r\n"modules/Downloads/index.php":\r\n\r\nhttp://localhost/nuke75/modules.php?name=Downloads&d_op=menu\r\n\r\nerror: Call to undefined function: opentable() in\r\nD:\apache_wwwroot\nuke75\modules\Downloads\index.php\r\non line 75\r\n\r\n\r\n\r\nA4 - full path disclosure in\r\n"modules/Web_Links/index.php":\r\n\r\nhttp://localhost/nuke75/modules.php?name=Web_Links&l_op=menu\r\n\r\nFatal error: Call to undefined function: opentable()\r\nin\r\nD:\apache_wwwroot\nuke75\modules\Web_Links\index.php\r\non line 65\r\n\r\n\r\n\r\nB - Cross-Site Scripting aka XSS\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nB1 - xss in "/modules/Downloads/index.php":\r\n\r\nhttp://localhost/nuke75/modules.php?name=Downloads&d_op=NewDownloads\r\n&newdownloadshowdays=[xss code here]\r\n\r\n\r\nB2 - xss in "/modules/Web_Links/index.php":\r\n\r\nhttp://localhost/nuke75/modules.php?name=Web_Links&l_op=NewLinks\r\n&newlinkshowdays=[xss code here]\r\n\r\n\r\n\r\nHow to fix:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\n\r\nHow to fix those bugs -\r\nhttp://www.waraxe.us/forums.html\r\n\r\n\r\nAdditional resources:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nBase64 encoder and decoder -\r\nhttp://base64-encoder-online.waraxe.us/\r\n\r\nSiteMapper - free php script for phpNuke powered\r\nwebsites -\r\nnew version 0.2 available for download -\r\nhttp://sitemapper.waraxe.us/\r\n\r\n\r\nGreetings:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\nGreets to icenix, Raido Kerna, g0df4th3r and\r\nslimjim100!\r\nTervitused - Heintz!\r\n\r\nContact:\r\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n\r\n come2waraxe@yahoo.com\r\n Janek Vind "waraxe"\r\n\r\n Homepage: http://www.waraxe.us/\r\n\r\n---------------------------------- [ EOF ]\r\n------------------------------------\r\n\r\n\r\n\r\n \r\n__________________________________ \r\nDo you Yahoo!? \r\nYahoo! Mail - Easier than ever with enhanced search. Learn more.\r\nhttp://info.mail.yahoo.com/mail_250\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "published": "2005-02-15T00:00:00", "modified": "2005-02-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7827", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:12", "edition": 1, "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE", "modified": "2018-08-31T11:10:12", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB3023167", "KB2880833", "KB2874216", "KB3209587", "KB2788321", "KB981401", "KB955430"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL", "FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "freebsd", "idList": ["D887B3D9-7366-11EA-B81A-001CC0382B2F"]}, {"type": "zdt", "idList": ["1337DAY-ID-34159", "1337DAY-ID-34153", "1337DAY-ID-34161", "1337DAY-ID-34158", "1337DAY-ID-34154", "1337DAY-ID-34157"]}], "modified": "2018-08-31T11:10:12", "rev": 2}, "vulnersScore": 2.1}, "affectedSoftware": []}
{"rst": [{"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **84[.]19.175.165** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **29**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **tor_node**.\nASN 31103: (First IP 84.19.160.0, Last IP 84.19.191.255).\nASN Name \"KEYWEBAS\" and Organisation \"\".\nASN hosts 80429 domains.\nGEO IP information: City \"\", Country \"Germany\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-17T00:00:00", "id": "RST:D24D077E-7827-3E4D-8661-ABF65ADC5A9A", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 84.19.175.165", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-25T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **onlinebanking-authpayee[.]com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **20**.\n First seen: 2021-02-25T03:00:00, Last seen: 2021-02-25T03:00:00.\n IOC tags: **phishing**.\nWhois:\n Created: 2021-02-24 16:13:37, \n Registrar: NAMECHEAP INC, \n Registrant: WhoisGuard Inc.\nIOC could be a **False Positive** (Domain not resolved, but Whois records found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-25T00:00:00", "id": "RST:961DCE64-7827-397E-A3FB-7945D32895FF", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: onlinebanking-authpayee.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **80[.]15.39.135** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **5**.\n First seen: 2020-06-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **scan, generic**.\nASN 3215: (First IP 80.12.255.0, Last IP 80.15.223.255).\nASN Name \"AS3215\" and Organisation \"\".\nASN hosts 146228 domains.\nGEO IP information: City \"\", Country \"France\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-06-22T00:00:00", "id": "RST:5D6AE346-7827-319B-A2B2-000E8A71F93D", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 80.15.39.135", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **earandup[.]trade** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2020-01-27T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 91[.]195.240.12\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-27T00:00:00", "id": "RST:347CC05C-7827-376D-8FED-388988327849", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: earandup.trade", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **139[.]196.240.35** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2021-02-24T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **shellprobe**.\nASN 37963: (First IP 139.196.0.0, Last IP 139.196.255.255).\nASN Name \"CNNICALIBABACNNETAP\" and Organisation \"Hangzhou Alibaba Advertising CoLtd\".\nASN hosts 2755153 domains.\nGEO IP information: City \"\", Country \"China\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-02-24T00:00:00", "id": "RST:45142E38-7827-32F8-A70B-F4B6711F32B7", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 139.196.240.35", "type": "rst", "cvss": {}}, {"lastseen": "2021-02-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **202[.]62.84.210** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **13**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-02-24T03:00:00.\n IOC tags: **generic**.\nASN 17483: (First IP 202.62.64.0, Last IP 202.62.95.255).\nASN Name \"CITYSERVASAP\" and Organisation \"CityOnline Services Ltd\".\nASN hosts 100 domains.\nGEO IP information: City \"Vijayawada\", Country \"India\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:D2D8A841-7827-38ED-AB97-DCE51F0FFB92", "href": "", "published": "2021-02-25T00:00:00", "title": "RST Threat feed. IOC: 202.62.84.210", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **register[.]triplemining.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-04-17T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-04-17T00:00:00", "id": "RST:38834AB0-7827-33F7-A8DC-B60ACAB65F1A", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: register.triplemining.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **pm[.]huobipool.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-08-04T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-04T00:00:00", "id": "RST:04F0D5B1-7827-3C07-AFE8-7D9F01A852E3", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: pm.huobipool.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **hostmaster[.]hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.www.etc.cryptopool.online** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-01-10T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-10T00:00:00", "id": "RST:7298C1CD-7827-3239-A76A-B9DA6A7C247C", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.hostmaster.www.etc.cryptopool.online", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **seed-fra-6[.]inf.nimiq.network** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:6839D2CC-7827-3EC2-B18F-89C0D015B670", "href": "", "published": "2021-02-24T00:00:00", "title": "RST Threat feed. IOC: seed-fra-6.inf.nimiq.network", "type": "rst", "cvss": {}}]}
