|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 113
Members: 0
Total: 113
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Exploit in Nuke |
|
Posted: Sat Jul 31, 2004 5:55 pm |
|
|
DaveTomneyUK |
Beginner |
|
|
Joined: Jun 15, 2004 |
Posts: 2 |
|
|
|
|
|
|
|
Hi,
I found a small exploit in PHP-Nuke 7.4 but I have tried a .htaccess file to fix it but nothing i'm doing seems to work anyone got any ideas?
the exploit I found is if you goto: (It gives the folder path)
http://yoursite.com/index.php?forum_admin=1 |
|
|
|
|
Posted: Sat Nov 20, 2004 6:28 am |
|
|
mfdii |
Beginner |
|
|
Joined: Nov 20, 2004 |
Posts: 1 |
|
|
|
|
|
|
|
In the index.php file change the following (starts on line 110):
Code: | if ($forum_admin == 1) {
require_once("../../../config.php")
require_once("../../../db/db.php"); |
to:
Code: | if ($forum_admin == 1) {
@require_once("../../../config.php")
@require_once("../../../db/db.php"); |
this still exists in 7.5 |
|
|
|
|
Posted: Sat Nov 20, 2004 2:40 pm |
|
|
SteX |
Advanced user |
|
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
|
|
|
|
I think its fixed in 7.6.. |
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|