PHP Nuke Remote Ad Banner URL Change Vulnerability

PHP-Nuke is a website creation/maintainence tool written in PHP3.

A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user.

A querystring can be submitted to an unpatched server which allows the remote user to specify a new destination URL to be opened in a visitor's browser upon clicking a PHP-nuke site's ad banner.

By changing the click-through destination of a banner ad, an attacker could interfere with the target's ad-based revenue generation.


Privacy Statement
Copyright 2010, SecurityFocus