On Thu, Oct 17, 2002 at 05:50:10AM +0800, Zero-X ScriptKiddy wrote:
> The file "phptonuke.php" from myphpnuke allows Remote File Retrieving.
>
> Exploit Example:
> http://website.com/phptonuke.php?filnavn=/etc/passwd

This is not really a specific vulnerability in the application, but a more
general PHP feature: by default, it is possible to open any world-readable
file. You can override this by using the open_basedir setting in php.ini and
restricting file operations to a specified subset of paths.

-- 
BlueRaven

There are only 10 types of people in this world...
those who understand binary, and those who don't.
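
The restriction named in the reply above, as an added example that is not part of the original message and not myPHPNuke code: a hypothetical handler (read_confined) that confines a requested file name to one directory, with open_basedir set as the interpreter-level backstop. It assumes PHP 7 or later run from the command line on a Unix-like system; the directory layout and file names are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration, not myPHPNuke code. Paths and names are constructed.

// Constructed sandbox: one directory the script is meant to serve from.
$base = sys_get_temp_dir() . '/obd_demo_' . getmypid();
mkdir($base . '/content', 0700, true);
file_put_contents($base . '/content/article.txt', "hello\n");
$contentDir = realpath($base . '/content');

// Hypothetical handler for a file-name parameter such as "filnavn".
// Application-level check: resolve the name, then require the resolved path
// to stay under $contentDir. realpath() collapses "../" and symlinks.
function read_confined(string $contentDir, string $requested): ?string
{
    $resolved = realpath($contentDir . DIRECTORY_SEPARATOR . $requested);
    if ($resolved === false) {
        return null;                                  // missing or blocked
    }
    $prefix = $contentDir . DIRECTORY_SEPARATOR;      // avoids matching "content-old"
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;                                  // resolved outside the directory
    }
    $data = file_get_contents($resolved);
    return $data === false ? null : $data;
}

// Interpreter-level backstop, the setting named in the reply. The php.ini
// form would be:  open_basedir = "/srv/www/content/"   (constructed path)
// At runtime the value can be set like this:
ini_set('open_basedir', $contentDir . DIRECTORY_SEPARATOR);

$cases = ['article.txt', '../../../../etc/passwd', '/etc/passwd'];
foreach ($cases as $name) {
    $out = read_confined($contentDir, $name);
    printf("%-24s => %s\n", $name, $out === null ? 'refused' : 'served');
}

// A direct open that bypasses the handler is still stopped by open_basedir;
// "@" hides the "open_basedir restriction in effect" warning.
$direct = @file_get_contents('/etc/passwd');
printf("%-24s => %s\n", 'direct /etc/passwd', $direct === false ? 'refused' : 'served');
```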