Bugtraq mailing list archives
Re: Fwd: Re: phpnuke, security problem...
From: Peter van Dijk <peter () DATALOSS NL>
Date: Mon, 12 Feb 2001 21:04:10 +0100
On Mon, Feb 12, 2001 at 11:07:15AM -0000, Joao Gouveia wrote: [snip]
Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
You can actually insert any URL instead of "/etc/passwd" and have it read. Depending on the server's configuration, this could be abused to execute PHP code, probably, and from that, any UNIX shell command. The author obviously doesn't care about security. Greetz, Peter.
Current thread:
- Fwd: Re: phpnuke, security problem... Joao Gouveia (Feb 12)
- Re: Fwd: Re: phpnuke, security problem... Peter van Dijk (Feb 12)
- Re: Fwd: Re: phpnuke, security problem... Thomas J. Stensas (Feb 13)
- Re: Fwd: Re: phpnuke, security problem... sam mulvey (Feb 13)
- Re: Fwd: Re: phpnuke, security problem... Peter van Dijk (Feb 12)