Home page logo

bugtraq logo Bugtraq mailing list archives

Re: PHPNuke viewpage.php allows Remote File retrieving
From: <admin () gaylenandmargie com>
Date: 25 Mar 2003 21:57:26 -0000

In-Reply-To: <20030326022821.48e4e54f.negative () magnesium net>

From: Jim Geovedi <negative () magnesium net>
To: bugtraq () securityfocus com
Subject: Re: PHPNuke viewpage.php allows Remote File retrieving
Message-Id: <20030326022821.48e4e54f.negative () magnesium net>
In-Reply-To: <3E8098FE.3070808 () war-ensemble com>
References: <20030325163207.13063.qmail () www securityfocus com>
      <3E8098FE.3070808 () war-ensemble com>
Organization: Will Work For Bandwidth, Inc.
X-Mailer: Superunknown.
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:
viewpage.php is a part of PHPNuke.
The Script allows an attacker to view all files on the System.



umm, what version of phpNuke is vulnerable to this? as far as I'm
aware, there has not been any viewpage.php since before 5.0...

I beleive this was reported then as well. 
reguardless, this is not true with 6.0

it's repeatable on PHP-Nuke 6.5.

      Jim Geovedi <negative () magnesium net>

 I have the vanilla 6.5 and there is no viewpage.php file in the package 
that I can find.  Are you sure that this isn't in an addon?  Or possibly 
left over from a previous version that was never cleared out when phpnuke 
was updated?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]