PHP-Nuke module PHP-Banner-Exchange path disclosure

From: Lorenzo Manuel Hernandez Garcia-Hierro (securityat_private)
Date: Sun May 18 2003 - 03:14:12 PDT

Next message: Knud Erik Højgaard: "Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition"

Previous message: Lorenzo Manuel Hernandez Garcia-Hierro: "PHP-Nuke Denial of Service attack and more SQL Injections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) ------- Product: PHP-Nuke Vendor: F.Burzi Module: PHP-Banner Exchange Version: 1.2 ------- Accessing directly to the PHP Banner Exchange module and without a specified file : http://[target]/modules/phpbannerexchange/ ( phpbannerexchange module directory ) you get this: Warning: main(mainfile.php) [function.main]: failed to create stream: No such file or directory in /home/phpnuke- /public_html/modules/phpbannerexchange/index.php on line 20 Fatal error: main() [function.main]: Failed opening required 'mainfile.php' (include_path='') in /home/phpnuke- /public_html/modules/phpbannerexchange/index.php on line 20 (Paths related your local paths in your server) --------- SOLUTION: --------- Configure your php.ini errors flags or by hand-editing the original module files .

Next message: Knud Erik Højgaard: "Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition"
Previous message: Lorenzo Manuel Hernandez Garcia-Hierro: "PHP-Nuke Denial of Service attack and more SQL Injections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 20 2003 - 13:35:58 PDT