Author: Janek Vind "waraxe"
Date: 23. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=23
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Php-Nuke is popular freeware content management system, written in php by
Francisco Burzi. This CMS (Content Management System) is used on many thousands
websites, because it`s free of charge, easy to install and has broad set of features.
Homepage: http://phpnuke.org
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A. Full path disclosure:
A1 - all scripts in "admin/links/" directory are not protected against direct access
Example:
http://localhost/nuke72/admin/links/links.blocks.php?radminsuper=1
... and we will see standard php error messages, revealing full path to script:
Fatal error: Call to undefined function: adminmenu() in D:apache_wwwroot
uke72adminlinkslinks.blocks.php on line 16
B. Cross-site scripting aka XSS:
PhpNuke has built-in filtering against XSS exploits, so additional measures must be used
for successful cross-site scripting.
B1 - XSS through unsanitaized user submitted variable "year" in Statistics module
http://localhost/nuke72/modules.php?name=Statistics&op=DailyStats&year=[xss code here]&month=12
Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greets to torufoorum members and to all bugtraq readers in Estonia! Tervitused!
Special greets to http://www.gamecheaters.us staff!
Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
come2waraxe@yahoo.com
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/
---------------------------------- [ EOF ] ------------------------------------
Copyright © by Waraxe IT Security Portal All Right Reserved.
Published on: 2005-01-06 (6721 reads)
[ Go Back ]