Re: Fwd: Re: phpnuke, security problem...

["Thomas J. Stensas" <ShadowMaster () SHADOW-REALM ORG>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greets.

This problem is known and fixed by the author and a patched
opendir.php file have been made availible for download from the
phpnuke home site.

phpnuke home: http://www.phpnuke.org/
Patched opendir.php:
http://www.phpnuke.org/download.php?op=mydown&did=64

- --
Yours Sincerely
Thomas Juberg Stensas (ShadowMaster/HAMLET @ IRC)

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
> Peter van Dijk
> Sent: Monday, February 12, 2001 9:04 PM
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Re: Fwd: Re: phpnuke, security problem...
>
>
> On Mon, Feb 12, 2001 at 11:07:15AM -0000, Joao Gouveia wrote:
> [snip]
> > > > Example:
> > > > http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd
>
> You can actually insert any URL instead of "/etc/passwd" and have
> it read. Depending on the server's configuration, this could be
> abused to execute PHP code, probably, and from that, any UNIX shell
> command.
>
> The author obviously doesn't care about security.
>
> Greetz, Peter.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOokAddmibtokx6KuEQKuZwCgrauPSZwlwRo657YRoHUATjAQEtQAoMIW
JVHbb1Rt3IU/ZPKVhYdmuwTM
=meWh
-----END PGP SIGNATURE-----