phpmynuke css and phpinfo() vulnerability

by Nikola Strahija on January 8th, 2003

myphpnuke version 1.8.8_final_7 and prior versions that contain sysinfo are vulnerable to both a cross-site scripting (css) attack and phpinfo() disclosure.

The problem is that, unlike the rest of the scripts under /admin/, sysinfo's footer script, called system_footer.php, does not check who the user is. Inside system_footer.php the following code is run:
echo "
echo "

This shows any remote user sensitive data about the server.
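A source audit for the pattern described above, added here as an example that is not part of the original advisory or of myphpnuke's code: it flags PHP files that have no recognisable auth check yet call phpinfo() or echo request data unescaped. The guard names (`auth.php`, `is_admin()`) and the sample sources are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: what counts as an auth check. "auth.php" and is_admin() are
# hypothetical names, not taken from myphpnuke; use the code base's real guard.
GUARD = re.compile(r"\b(?:require|include)(?:_once)?\b[^;]*auth\.php|\bis_admin\s*\(", re.I)
# Calls that disclose server details when reachable without authentication.
DISCLOSURE = re.compile(r"\b(phpinfo|php_uname|getenv)\s*\(", re.I)
# An echo/print statement that contains request data.
RAW_ECHO = re.compile(r"\b(?:echo|print)\b[^;]*\$_(?:GET|POST|REQUEST|COOKIE)\b[^;]*;", re.I)
ESCAPE = re.compile(r"\bhtml(?:specialchars|entities)\s*\(", re.I)

def strip_comments(src):
    """Heuristically drop PHP comments so a commented-out guard does not count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?://|#).*$", "", src, flags=re.M)

def audit_file(name, src):
    """Return findings for one PHP source that has no recognisable auth guard."""
    if GUARD.search(strip_comments(src)):
        return []
    # Sinks are matched on the raw source: over-reporting is the safe direction.
    findings = [f"{name}: unauthenticated {m.group(1)}()" for m in DISCLOSURE.finditer(src)]
    for m in RAW_ECHO.finditer(src):
        if not ESCAPE.search(m.group(0)):
            findings.append(f"{name}: request data echoed unescaped")
    return findings

def audit_tree(root):
    """Audit every .php file under root, e.g. the application's admin/ directory."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings += audit_file(str(path), path.read_text(errors="replace"))
    return findings

# Constructed sample sources, not myphpnuke code.
SAMPLES = {
    "admin/index.php": '<?php require_once "auth.php"; phpinfo(); ?>',
    "admin/system_footer.php": '<?php echo "<b>" . $_GET["title"] . "</b>"; phpinfo(); ?>',
    "admin/commented.php": '<?php // require "auth.php";\n echo htmlspecialchars($_GET["q"]); ?>',
}

def audit_samples():
    return [f for name, src in SAMPLES.items() for f in audit_file(name, src)]

if __name__ == "__main__":
    print("\n".join(audit_samples()))
```

Point `audit_tree()` at a checkout of the application's admin directory; the matching is regex-based, so treat hits as leads for manual review rather than proof.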


Another problem in myphpnuke is the unchecked template includes.




...and a couple more of these exist.

- Mindwarper
-- [email protected]
