myphpnuke versions 1.8.8_final_7 and prior that contain sysinfo are vulnerable to both a cross-site scripting (CSS) attack and phpinfo() disclosure.

The problem is that, unlike the rest of the scripts under /admin/, sysinfo's footer script, system_footer.php, does not check who the user is. Inside system_footer.php the following code is run:

    echo "<br>";
    phpinfo();
    echo "<br>";

This shows any remote user sensitive data about the server.

-

Another problem in myphpnuke is the unchecked template includes. Examples:

http://victim/html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
http://victim/html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>

...and a couple more of these exist.

- Mindwarper
-- logger@hehe.com
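
A log check for the requests described in this advisory, as an added example that is not part of the original post: it flags access-log lines that request system_footer.php or that supply Default_Theme or mainfile in the query string. The Apache common log format, the sample lines and the /admin/ location of system_footer.php are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Variables the advisory shows being set from the query string.
INTERNAL_PARAMS = {"default_theme", "mainfile"}
MARKUP = re.compile(r"[<>\"']")  # characters that are never valid in a theme name
# Request target of a common/combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log: addresses, dates, sizes and the /admin/ path are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /html/index.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2003:10:02:11 +0000] "GET /html/partner.php?mainfile=anything'
    '&Default_Theme=%27%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.0" 200 2310',
    '192.0.2.44 - - [01/Jan/2003:10:02:40 +0000] "GET /admin/system_footer.php HTTP/1.0" 200 48211',
]

def classify(line):
    """Return the list of findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    if script == "system_footer.php":
        findings.append("direct request to system_footer.php (phpinfo exposure)")
    # parse_qs percent-decodes, so %3Cscript%3E is inspected as <script>.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() not in INTERNAL_PARAMS:
            continue
        findings.append(f"client-supplied {name} on {script}")
        if any(MARKUP.search(v) for v in values):
            findings.append(f"markup in {name} on {script}")
    return findings

def scan(lines):
    """Map 1-based line number to findings, for every line that has any."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, "; ".join(findings))
```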