AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
November 21, 2008, 01:21:59 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4633 Members
Latest Member: keplekidsCini
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Php-Nuke Alerts  |  Topic: Php-Nuke Full Path Disclosure Hole 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Php-Nuke Full Path Disclosure Hole  (Read 1087 times)
AlphaWolf
AOT Administrator
Administrator
Hero Member
*****
Offline Offline

Posts: I am a geek!!



View Profile WWW
Php-Nuke Full Path Disclosure Hole
« on: February 19, 2005, 12:00:08 AM »
Full path disclosure and XSS in PhpNuke 6.x-7.6





Author: Janek Vind "waraxe"
Date: 14. February 2005
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-40.html


Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Php-Nuke is a popular opensource content management system, written in php by
Francisco Burzi. This CMS is used on many thousands websites, because it's
freeware, easy to install and manage and has broad set of features.

Homepage: http://phpnuke.org


Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


A - Full Path Disclosure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A1 - full path disclosure in "db/db.php":

http://localhost/nuke75/db/db.php

Fatal error: Cannot instantiate non-existent class:
sql_db in D:apache_wwwroot
uke75dbdb.php
on line 86


A2 - full path disclosure in "mainfile.php":

http://localhost/nuke75/index.php?inside_mod=1

Warning: main(../../config.php): failed to open stream:
No such file or directory in D:apache_wwwroot
uke75mainfile.php
on line 103

Fatal error: main(): Failed opening required '../../config.php'
(include_path='.;c:php4pear') in D:apache_wwwroot
uke75mainfile.php
on line 10


A3 - full path disclosure in "modules/Downloads/index.php":

http://localhost/nuke75/modules.php?name=Downloads&d_op=menu

error: Call to undefined function: opentable() in
D:apache_wwwroot
uke75modulesDownloadsindex.php on line 75



A4 - full path disclosure in "modules/Web_Links/index.php":

http://localhost/nuke75/modules.php?name=Web_Links&l_op=menu

Fatal error: Call to undefined function: opentable() in
D:apache_wwwroot
uke75modulesWeb_Linksindex.php on line 65



B - Cross-Site Scripting aka XSS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

B1 - xss in "/modules/Downloads/index.php":

http://localhost/nuke75/modules.php?name=Downloads&d_op=NewDownloads
&newdownloadshowdays=[xss code here]


B2 - xss in "/modules/Web_Links/index.php":

http://localhost/nuke75/modules.php?name=Web_Links&l_op=NewLinks
&newlinkshowdays=[xss code here]



How to fix:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


How to fix those bugs - http://www.waraxe.us/forums.html


Additional resources:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Base64 encoder and decoder - http://base64-encoder-online.waraxe.us/

SiteMapper - free php script for phpNuke powered websites -
new version 0.2 available for download - http://sitemapper.waraxe.us/
« Last Edit: February 19, 2005, 12:01:58 AM by AlphaWolf » Logged
AlphaOne Tech Webmaster Resources
http://www.alphaone-tech.com/resources/
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Php-Nuke Alerts  |  Topic: Php-Nuke Full Path Disclosure Hole « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!