On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote: > > viewpage.php is a part of PHPNuke. > > The Script allows an attacker to view all files on the System. > > > > Example: > > > > http://server.com/viewpage.php?file=/etc/passwd > > umm, what version of phpNuke is vulnerable to this? as far as I'm > aware, there has not been any viewpage.php since before 5.0... > > I beleive this was reported then as well. > reguardless, this is not true with 6.0 it's repeatable on PHP-Nuke 6.5. -- Jim Geovedi <negative@magnesium.net>
