Informations : °°°°°°°°°°°°°° Product : PHP-Nuke Version : 6.0 (other versions not tested jet) Website : http://www.phpnuke.org Problems : - Path Disclosure Hi all, here is other path disclosure vulneravilitie in phpnuke 6.0: xploit: http://target.com/modules.php?name=Your_Account&op=userinfo&uname= If the module "your acount" is enabled (i guess ALL phpnuke users have it enabled) and is for all user may see that url... then that bug is enabled, if you put "your acount" as only registred/administrator users... then nobody can create a new acount... Any hints to correct this bug? Also i have tested it on phpnuke.org and it is vulnerable to... other phpnuke based's web are also vuln... Have a nice day, and sorry by my bad english... :) also sorry by using the header of the report of Frog Man, but i dont know which is the correct format to send this kind of stuff.
