Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » PHPNuke 6.0 path disclosure [again]

PHPNuke 6.0 path disclosure [again]

by Nikola Strahija on December 23rd, 2002 Here is other path disclosure vulneravilitie in phpnuke 6.0.


Product : PHP-Nuke
Version : 6.0 (other versions not tested jet)
Website : http://www.phpnuke.org
Problems :
- Path Disclosure
xploit:

http://target.com/modules.php?name=Your_Account&op=userinfo&uname=

If the module "your acount" is enabled (i guess ALL phpnuke users have
it enabled) and is for all user may see that url... then that bug is
enabled, if you put "your acount" as only registred/administrator
users... then nobody can create a new acount...


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »