Date: Tue, 13 Feb 2001 11:37:58 +0100 From: "=?us-ascii?Q?Thomas_J._Stensas?=" <ShadowMaster@SHADOW-REALM.ORG> Subject: Re: Fwd: Re: phpnuke, security problem... To: BUGTRAQ@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greets. This problem is known and fixed by the author and a patched opendir.php file have been made availible for download from the phpnuke home site. phpnuke home: http://www.phpnuke.org/ Patched opendir.php: http://www.phpnuke.org/download.php?op=mydown&did=64 - -- Yours Sincerely Thomas Juberg Stensas (ShadowMaster/HAMLET @ IRC) > -----Original Message----- > From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of > Peter van Dijk > Sent: Monday, February 12, 2001 9:04 PM > To: BUGTRAQ@SECURITYFOCUS.COM > Subject: Re: Fwd: Re: phpnuke, security problem... > > > On Mon, Feb 12, 2001 at 11:07:15AM -0000, Joao Gouveia wrote: > [snip] > > > > Example: > > > > http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd > > You can actually insert any URL instead of "/etc/passwd" and have > it read. Depending on the server's configuration, this could be > abused to execute PHP code, probably, and from that, any UNIX shell > command. > > The author obviously doesn't care about security. > > Greetz, Peter. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOokAddmibtokx6KuEQKuZwCgrauPSZwlwRo657YRoHUATjAQEtQAoMIW JVHbb1Rt3IU/ZPKVhYdmuwTM =meWh -----END PGP SIGNATURE-----