PHP Nuke 5.X path disclosure vulnerability through modules.php.
449ce4c727ea19f1f0a054b166eb8e1f6d5390c8d988b1c57504ebfc6d2c717a
// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. (echo7) //
// patryk@newyork.com http://nyshock.hypermart.net //
// efnet #dna //
PHP Nuke can expose full Path beginning with root dir
Which can be used to plan further attack against a Vulnerable
website, Disposing Information as such can give attacker idea
how badly PHP nuke processes calls devried from php-nuke system
here's example
http://example.com/modules.php?op=modload&name=0&file=0
will return:
Warning: Failed opening 'modules/0/0.php' for inclusion (include_path='.:/usr/local/lib/php')
in /users/thisuser/example.com/modules.php on line 23
I didn't have enough time to play around with it so i decided to
post it as it is, also where name=0 the 0 will show in path so I guess
PHP code insertion would work ?
If you have comments questions email me :)
Solution :
php-nuke developers should have some patches coming :)