Bugtraq mailing list archives
Re: PHPNuke viewpage.php allows Remote File retrieving
From: Kevin <lists () phantox com>
Date: Wed, 26 Mar 2003 22:08:26 -0600
I have just checked 5 different 6.5 installs, some of which have been upgraded from previous 6.5 betas, and this file most definitely does not exist under 6.5.
admin () gaylenandmargie com wrote:
In-Reply-To: <20030326022821.48e4e54f.negative () magnesium net>

I have the vanilla 6.5 and there is no viewpage.php file in the package that I can find. Are you sure that this isn't in an addon? Or possibly left over from a previous version that was never cleared out when phpnuke was updated?

From: Jim Geovedi <negative () magnesium net>
To: bugtraq () securityfocus com
Subject: Re: PHPNuke viewpage.php allows Remote File retrieving
Message-Id: <20030326022821.48e4e54f.negative () magnesium net>
In-Reply-To: <3E8098FE.3070808 () war-ensemble com>
References: <20030325163207.13063.qmail () www securityfocus com> <3E8098FE.3070808 () war-ensemble com>
Organization: Will Work For Bandwidth, Inc.
X-Mailer: Superunknown.
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 25 Mar 2003 11:59:26 -0600 DaiTengu wrote:

viewpage.php is a part of PHPNuke. The Script allows an attacker to view all files on the System. Example: http://server.com/viewpage.php?file=/etc/passwd

umm, what version of phpNuke is vulnerable to this? as far as I'm aware, there has not been any viewpage.php since before 5.0...I believe this was reported then as well. regardless, this is not true with 6.0

it's repeatable on PHP-Nuke 6.5.

--
Jim Geovedi <negative () magnesium net>
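Added example, not part of any message in this thread: a log check an administrator could run to see whether requests matching the URL pattern quoted above reached their server, and whether the file was actually served or is absent as several posters report. The Apache combined log format, the sample lines (constructed) and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Mar/2003:10:00:01 -0600] "GET /viewpage.php?file=/etc/passwd HTTP/1.0" 200 1432 "-" "-"
192.0.2.11 - - [26/Mar/2003:10:00:05 -0600] "GET /viewpage.php?file=..%2F..%2Fetc%2Fpasswd HTTP/1.0" 200 1432 "-" "-"
192.0.2.12 - - [26/Mar/2003:10:00:09 -0600] "GET /viewpage.php?file=/etc/passwd HTTP/1.0" 404 208 "-" "-"
192.0.2.13 - - [26/Mar/2003:10:00:12 -0600] "GET /modules.php?name=News&file=article HTTP/1.0" 200 5120 "-" "-"
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(line):
    """Return (client, file_value, verdict) for a suspicious viewpage.php hit, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/viewpage.php"):
        return None
    # parse_qs percent-decodes, so encoded separators are normalised here.
    values = parse_qs(url.query).get("file", [])
    suspicious = [
        v for v in values
        if v.startswith("/") or ".." in v.replace("\\", "/").split("/")
    ]
    if not suspicious:
        return None
    # 2xx means the script exists and answered; anything else (for example 404
    # on an install without viewpage.php) means nothing was returned.
    verdict = "served" if status.startswith("2") else "not served"
    return (client, suspicious[0], verdict)


def scan(log_text):
    """Classify every line and keep only the suspicious hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, value, verdict in scan(SAMPLE_LOG):
        print(f"{client}\tfile={value}\t{verdict}")
```

A "served" hit means the install does have a reachable viewpage.php and should be checked for a leftover file from an earlier version or an addon.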
Current thread:
- PHPNuke viewpage.php allows Remote File retrieving Zero_X www . lobnan . de Team (Mar 25)
- Re: PHPNuke viewpage.php and another SQL injections Tibor Pittich (Mar 25)
- Re: PHPNuke viewpage.php allows Remote File retrieving DaiTengu (Mar 25)
- Re: PHPNuke viewpage.php allows Remote File retrieving Jim Geovedi (Mar 25)
- Re: PHPNuke viewpage.php allows Remote File retrieving Christopher Warner (Mar 26)
- Re: PHPNuke viewpage.php allows Remote File retrieving Tonu Samuel (Mar 26)
- Re: PHPNuke viewpage.php allows Remote File retrieving Jim Geovedi (Mar 25)
- <Possible follow-ups>
- Re: PHPNuke viewpage.php allows Remote File retrieving admin (Mar 26)
- Re: PHPNuke viewpage.php allows Remote File retrieving Kevin (Mar 27)
- Re: PHPNuke viewpage.php allows Remote File retrieving admin (Mar 27)