Network Security Bugtraq

Multiples Full Path Disclosure in php-nuke 7.6 (and below)

Subject: Multiples Full Path Disclosure in php-nuke 7.6 (and below)
Date: Fri, 29 Apr 2005 10:15:44 -0300
Multiples Full Path Disclosure in php-nuke 7.6 (and below)
---------------------------------------------------------------------------
Author: project-restart
Date: 27. April 2005
Location: Brazil
Web: http://www.project-restart.org/
Target: PHP-nuke 7.6 (and below)
---------------------------------------------------------------------------
Target software description:
Php-Nuke is a popular opensource content management system, written in php by
Francisco Burzi. This CMS is used on many thousands websites, because it's
freeware (7.7 no ÂÂ), easy to install and manage and has broad set of features.
Homepage: http://phpnuke.org
---------------------------------------------------------------------------
Vulnerabilities found by luis <luis@project-restart.org>
########################### Vuln1
File: includes/ipban.php
(http://localhost/nuke76/includes/ipban.php)
-----------/includes/ipban.php--------------
15: global $prefix, $db;
16: $ip = $_SERVER["REMOTE_ADDR"];
17: $numrow = $db->sql_numrows($db->sql_query("SELECT id FROM ".$prefix."_banned_ip WHERE ip_address='$ip'"));
18: if ($numrow != 0) {
19:   echo "<br><br><center><img src='images\admin\ipban.gif'><br><br><b>You has been banned by the administrator</b></center>";
20:  die();
21: }
--------------------------------------------
Result:
Fatal error: Call to a member function on a non-object in /home/localhost/public_html/nuke76/includes/ipban.php on line 17
########################### Vuln2
File: db/db.php
(http://localhost/nuke76/db/db.php)
--------/db/db.php------------
49: switch($dbtype) {
50: case 'MySQL':
51: include("".$the_include."/mysql.php");
#52: break;
(...)
85: $db = new sql_db($dbhost, $dbuname, $dbpass, $dbname, false);
86: if(!$db->db_connect_id) {
#87: die("<br><br><center><img src=images/logo.gif><br><br><b>There seems to be a problem with the MySQL server, sorry for the inconvenience.<br><br>We should be back shortly.</center></b>");
88: }
-----------------------------
Result:
Fatal error: Cannot instantiate non-existent class: sql_db in /home/localhost/public_html/nuke76/db/db.php on line 86

########################### Vuln3
File: /modules/Reviews/language/lang-norwegian.php
(http://localhost/nuke76/modules.php?name=Reviews&newlang=norwegian)
--------/modules/Reviews/language/lang-norwegian.php--------------
52: define("_INVALIDTEXT","Feil i anmeldelsestekst... Feltet kan ikke være tomt\");
53: define("_INVALIDHITS","Treff må være en positiv integer");
-----------------------------------------------------------------
Result:
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Reviews/language/lang-norwegian.php on line 53
########################## Vuln4
File: /modules/Downloads/language/lang-greek.php
(http://localhost/nuke76/modules.php?name=Downloads&newlang=greek)
-------/modules/Downloads/language/lang-greek.php-----------
176: A-# define("_FILESIZE","ÃÅÃÂÃÂÃÂÃÂÃÂÃÂ ÃÂÃÂÃÂÃÂÃÅÃÂÃÂ");
177: A-# define("_VERSION","ÃÂÃÂÃÂÃÂÃÂÃÂ");
178: K-# define("_UDOWNLOADS","ÃÂÃÂÃÂÃÂÃÂÃÅÃÂÃÂÃ(c)ÃÂ");
179: A-# define("_HOMEPAGE","ÃÅÃÂÃÂÃÂÃÂÃ(c)ÃÂÃÅ Ã"ÃÂÃÂÃÅÃÂÃÂ ");
------------------------------------------------------------
This is a commentary?!
Result:
Parse error: parse error, unexpected ';' in /home/localhost/public_html/nuke76/modules/Downloads/language/lang-greek.php on line 181
######################### Vuln 5
File: /modules/Downloads/language/lang-indonesian.php
(http://localhost/nuke76/modules.php?name=Downloads&newlang=indonesian)
------/modules/Downloads/language/lang-indonesian.php----
59: define("_DOWNLOADSNOTUSER8","<a href=\"modules.php?name=Your_Account&">Daftar di sini</a>");
60: define("_DOWNLOADALREADYEXT","ERROR: Alamat URL sudah ada dalam database!");
---------------------------------------------------------
Result:
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Downloads/language/lang-indonesian.php on line 59

---------------------------------------------------------------------------
(more)
Vulnerabilities found by guilherme <guilherme@project-restart.org>

########################### Vuln6
File: /modules/Web_Links/language/lang-portuguese.php
If called the module Web_Links with portuguese language, it returns the way from
the archive in the server.
(http://localhost/nuke76/modules.php?name=Web_Links&newlang=portuguese)
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Web_Links/language/lang-portuguese.php on line 171
---------/modules/Web_Links/language/lang-portuguese.php----------------
169: define("_REMOTEFORM","Forma de Avaliação a Distância");
170: define("_PROMOTE04","Se você nos enganar, nós removeremos seu link. Temos dito isto, aqui como uma forma de avaliação remota e
171: define("_VOTE4THISSITE","Vote neste Site!");
172: define("_LINKVOTE","Vote!");
----------------------------
########################### Vuln7
File: /modules/Web_Links/language/lang-indonesian.php
If called the module Web_Links with indonesian language, it returns the way from
the archive in the server.
(http://localhost/nuke76/modules.php?name=Web_Links&newlang=indonesian)
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Web_Links/language/lang-indonesian.php on line 170
---------/modules/Web_Links/language/lang-indonesian.php----------------
169: define("_LOOKTOREQUEST","Kami akan memeriksa laporan anda.");
170: define("_ONLYREGUSERSMODIFY","Hanya member yang bisa meminta modifikasi link. Silakan daftar atau login <a href=\"/modules.php?name=Your_Account&">di sini</a>.");
171: define("_REQUESTLINKMOD","Permohonan Modifikasi Link Situs");
------------------------
########################### Vuln8
File: /modules/Surveys/language/lang-indonesian.php
If called the module Surveys with indonesian language, it returns the way from
the archive in the server.
(http://localhost/nuke76/modules.php?name=Surveys&newlang=indonesian)
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Surveys/language/lang-indonesian.php on line 40
---------/modules/Surveys/language/lang-indonesian.php----------------
39: define("_NOSUBJECT","Tanpa Subjek");
40: define("_NOANONCOMMENTS","Anda tidak dibolehkan mengirim komentar, silakan daftar <a href=\"modules.php?name=Your_Account&">di sini</a>");
41: define("_PARENT","Setingkat ke atas");
------------------------------

########################### Vuln9
File: /modules/Reviews/language/lang-portuguese.php
If called the module Reviews with portuguese language, it returns the way from
the archive in the server.
(http://localhost/nuke76/modules.php?name=Reviews&newlang=portuguese)
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Reviews/language/lang-portuguese.php on line 89
---------/modules/Reviews/language/lang-portuguese.php----------------
88: define("_YOURNICK","O seu nome:");
89: define("_RCREATEACCOUNT","<a href="modules.php?name=Your_Account&op=new_user\"><b>Crie</b></a> uma conta");
87: define("_YOURCOMMENT","O seu comentário:");
-----------
########################### Vuln10
File: /modules/Journal/language/lang-portuguese.php
If called the module Journal with portuguese language, it returns the way from
the archive in the server.
(http://localhost/nuke76/modules.php?name=Journal&newlang=portuguese)
Parse error: parse error, unexpected T_STRING in /home/localhost/public_html/nuke76/modules/Journal/language/lang-portuguese.php on line 31
---------/modules/Journal/language/lang-portuguese.php----------------
29: define("_ADDJOURNAL","Adicionar uma entrada no diário");
30: define("_ADDENTRY","Adicionar uma nova entrada);
31: define("_YOURLAST20","As suas 20 entradas");
-----------------------
---------------------------------------------------------------------------
How to fix:
http://www.project-restart.org
---------------------------------------------------------------------------
TimeLine:
25/04/2005 - php-nuke install into our server (downloaded default 7.6 from phpnuke.org)
26/04/2005 - Luis found the firsts vulns and begin find more
27/04/2005 - Guilherme found many vulns into language files
28/04/2005 - Luis see all language files and found more vulns
29/04/2005 - report sent and vendor contacted
Contact:
---------------------------------------------------------------------------
Luis (22) - luis@project-restart.org
Guilherme (GBR) - guilherme@project-restart.org
Rodrigo (digão) - rodrigo@project-restart.org
Homepage: http://www.project-restart.org/
That God mercy our soul!
(Ps. Sorry our bad english, we are Brazilians boys, =D)
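
A defensive check for the class of problem reported above, as an added example that is not part of the original post: it scans HTTP response bodies for PHP error messages that disclose an absolute filesystem path, covering both plain-text output and PHP's `html_errors` markup. The sample responses are constructed from the Result strings in the advisory, and the function names are hypothetical.

```python
import html
import posixpath
import re
from typing import NamedTuple, Optional


class Leak(NamedTuple):
    kind: str   # "Fatal error", "Parse error", ...
    path: str   # absolute filesystem path shown to the client
    line: int


_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(Fatal error|Parse error|Warning|Notice):\s+"   # error class
    r"[^\n]*?\s+in\s+"                                # message text
    r"((?:/|[A-Za-z]:[\\/])[^\n]*?)"                  # absolute Unix or Windows path
    r"\s+on\s+line\s+(\d+)"
)


def find_path_leaks(body: str) -> list:
    """Return every PHP error in a response body that exposes an absolute path."""
    # With html_errors on, PHP wraps the parts in <b> tags; strip markup first.
    text = html.unescape(_TAGS.sub("", body))
    return [Leak(k, p, int(n)) for k, p, n in _PHP_ERROR.findall(text)]


def exposed_root(leaks: list) -> Optional[str]:
    """Deepest directory shared by all leaked paths, i.e. what a visitor learns."""
    if not leaks:
        return None
    return posixpath.commonpath([posixpath.dirname(l.path) for l in leaks])


# Constructed sample responses, built from the Result strings in the advisory.
SAMPLE_RESPONSES = {
    "/includes/ipban.php": "<br />\n<b>Fatal error</b>:  Call to a member function on a "
    "non-object in <b>/home/localhost/public_html/nuke76/includes/ipban.php</b> "
    "on line <b>17</b><br />\n",
    "/db/db.php": "Fatal error: Cannot instantiate non-existent class: sql_db in "
    "/home/localhost/public_html/nuke76/db/db.php on line 86",
    "/index.php": "<html><body><b>We should be back shortly.</b></body></html>",
}

if __name__ == "__main__":
    found = [l for body in SAMPLE_RESPONSES.values() for l in find_path_leaks(body)]
    for leak in found:
        print(leak)
    print("exposed root:", exposed_root(found))
```

A hit means PHP error output is reaching clients; setting `display_errors = Off` and `log_errors = On` in php.ini keeps these messages in the server log instead.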
