96827 2003-03-25 18:48 /12 rader/ Zero_X www.lobnan.de Team <zero-x@linuxmail.org> Importerad: 2003-03-25 18:48 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <4153> Ärende: PHPNuke viewpage.php allows Remote File retrieving ------------------------------------------------------------ viewpage.php is a part of PHPNuke. The Script allows an attacker to view all files on the System. Example: http://server.com/viewpage.php?file=/etc/passwd Zero X member of www.Lobnan.de (96827) /Zero_X www.lobnan.de Team <zero-x@linuxmail.org>/ Kommentar i text 96834 av Tibor Pittich <Tibor.Pittich@phuture.sk> Kommentar i text 96836 av DaiTengu <daitengu@war-ensemble.com> 96834 2003-03-25 19:55 /28 rader/ Tibor Pittich <Tibor.Pittich@phuture.sk> Importerad: 2003-03-25 19:55 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <4155> Kommentar till text 96827 av Zero_X www.lobnan.de Team <zero-x@linuxmail.org> Ärende: Re: PHPNuke viewpage.php and another SQL injections ------------------------------------------------------------ On 25. mar 2003, 16:32, Zero_X www. lobnan. de Team wrote: > viewpage.php is a part of PHPNuke. > The Script allows an attacker to view all files on the System. > > Example: > > http://server.com/viewpage.php?file=/etc/passwd "great" advisory.. about what version you are talking? latest 'stable' release 6.0 doesn't contain this file, older 4.3 and 4.4 version are negative too.. after some googling i got it, you are talking about phpnuke 6.5.. this problem can be workarrounded with using safe_mode, or open_basedir directives in php configuration, after this your assertion is false, because attacker can't view any files on system. thanks again for detailed advisory.. unfortunately, there is another too strange problems, which is publicated today at site http://www.phpsecure.info/ dedicated to sql injection in phpnuke. one of this is used by brazilian h4x0r which called himself as 'freeck' tonight to change one article at our phpnuke site. (96834) /Tibor Pittich <Tibor.Pittich@phuture.sk>/(Ombruten) Bilaga (application/pgp-signature) i text 96835 96835 2003-03-25 19:55 /8 rader/ Tibor Pittich <Tibor.Pittich@phuture.sk> Importerad: 2003-03-25 19:55 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <4156> Bilaga (text/plain) till text 96834 Ärende: Bilaga till: Re: PHPNuke viewpage.php and another SQL injections ------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+gKDdD+AyEdKmHUQRAtMRAKCLEYzje0cKgd3jTyHOhwdNg3r1hQCdENSK 0HTSbFfM56T7R1P0QxGs8K8= =JmI9 -----END PGP SIGNATURE----- (96835) /Tibor Pittich <Tibor.Pittich@phuture.sk>/-- 96836 2003-03-25 20:04 /29 rader/ DaiTengu <daitengu@war-ensemble.com> Importerad: 2003-03-25 20:04 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <4157> Kommentar till text 96827 av Zero_X www.lobnan.de Team <zero-x@linuxmail.org> Ärende: Re: PHPNuke viewpage.php allows Remote File retrieving ------------------------------------------------------------ Zero_X www.lobnan.de Team wrote: > > viewpage.php is a part of PHPNuke. > The Script allows an attacker to view all files on the System. > > Example: > > http://server.com/viewpage.php?file=/etc/passwd > > > umm, what version of phpNuke is vulnerable to this? as far as I'm aware, there has not been any viewpage.php since before 5.0... I beleive this was reported then as well. reguardless, this is not true with 6.0 -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Mike "DaiTengu" Miller UA Site Coordinator: http://www.unitedadmins.com Webmaster: http://war-ensemble.com Sysop: telnet://bbs.war-ensemble.com StatsMe Team: http://www.unitedadmins.com/StatsMe.php -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (96836) /DaiTengu <daitengu@war-ensemble.com>/------ Kommentar i text 96843 av Jim Geovedi <negative@magnesium.net> 96843 2003-03-25 21:42 /19 rader/ Jim Geovedi <negative@magnesium.net> Importerad: 2003-03-25 21:42 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <4164> Kommentar till text 96836 av DaiTengu <daitengu@war-ensemble.com> Ärende: Re: PHPNuke viewpage.php allows Remote File retrieving ------------------------------------------------------------ On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote: > > viewpage.php is a part of PHPNuke. > > The Script allows an attacker to view all files on the System. > > > > Example: > > > > http://server.com/viewpage.php?file=/etc/passwd > > umm, what version of phpNuke is vulnerable to this? as far as I'm > aware, there has not been any viewpage.php since before 5.0... > > I beleive this was reported then as well. > reguardless, this is not true with 6.0 it's repeatable on PHP-Nuke 6.5. -- Jim Geovedi <negative@magnesium.net> (96843) /Jim Geovedi <negative@magnesium.net>/------