Re: PHPNuke viewpage.php allows Remote File retrieving

From: Tonu Samuel (tonuat_private)
Date: Tue Mar 25 2003 - 23:26:08 PST

Next message: Immunix Security Team: "[Immunix-announce] Immunix Secured OS 7+ openssl update"

Previous message: Dave Aitel: "Re: WebDAV exploit: using wide character decoder scheme"
In reply to: Jim Geovedi: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Next in thread: adminat_private: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2003-03-25 at 21:28, Jim Geovedi wrote:
> On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:
> > > viewpage.php is a part of PHPNuke.
> > > The Script allows an attacker to view all files on the System.
> > > 
> > > Example:
> > > 
> > > http://server.com/viewpage.php?file=/etc/passwd

Not repeatable with 6.0

  Tõnu

Next message: Immunix Security Team: "[Immunix-announce] Immunix Secured OS 7+ openssl update"
Previous message: Dave Aitel: "Re: WebDAV exploit: using wide character decoder scheme"
In reply to: Jim Geovedi: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Next in thread: adminat_private: "Re: PHPNuke viewpage.php allows Remote File retrieving"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 14:47:36 PST