If you could follow up on this and give more details (versions affected) etc etc; as it stands I'm gonna confirm that viewpage.php hasn't existed for quite some time and that this is a pretty pointless advisory. Thanks, Christopher Warner On Tue, 2003-03-25 at 14:28, Jim Geovedi wrote: > On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote: > > > viewpage.php is a part of PHPNuke. > > > The Script allows an attacker to view all files on the System. > > > > > > Example: > > > > > > http://server.com/viewpage.php?file=/etc/passwd > > > > umm, what version of phpNuke is vulnerable to this? as far as I'm > > aware, there has not been any viewpage.php since before 5.0... > > > > I beleive this was reported then as well. > > reguardless, this is not true with 6.0 > > it's repeatable on PHP-Nuke 6.5.
Attachment:
signature.asc
Description: This is a digitally signed message part
