Informations : °°°°°°°°°°°°°° Product : PHP-Nuke Version : 6.0 (other versions not tested jet) Website : http://www.phpnuke.org Problems : - Path Disclosure Hi all, here is other path disclosure vulneravilitie in phpnuke 6.0: xploit: http://target.com/modules.php?name=Your_Account&op=userinfo&uname= If the module "your acount" is enabled (i guess ALL phpnuke users have it enabled) and is for all user may see that url... then that bug is enabled, if you put "your acount" as only registred/administrator users... then nobody can create a new acount... Any hints to correct this bug? Also i have tested it on phpnuke.org and it is vulnerable to... other phpnuke based's web are also vuln... Have a nice day, and sorry by my bad english... :) also sorry by using the header of the report of Frog Man, but i dont know which is the correct format to send this kind of stuff.
This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 01:24:33 PST