PHP-Nuke 6.5 Addon - 'Viewpage.php' File Disclosure

Vulnerability ID: 1107256
Vulnerability type:
Published: 2003-03-25
Updated: 2003-03-25
CVE ID: CVE-2003-1545
CNNVD-ID: N/A
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/22422
|Vulnerability details
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon.
|Exploit
source: http://www.securityfocus.com/bid/7191/info

PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon.

It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances.

It should be noted that this issue reportedly affects PHP-Nuke version 6.5 when running a specific configuration; however, other versions may also be affected.

http://www.example.com/viewpage.php?file=/etc/passwd
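
A defensive counterpart to the request above, as an added example that is not the addon's code: a PHP resolver that accepts the `file` parameter only as a name inside one directory and refuses full pathnames. `resolve_page()` and the temporary demo directory are hypothetical names chosen for illustration.

```php
<?php
// Added example. resolve_page() and the demo directory are hypothetical;
// the addon's real code is not shown on the page.

/** Map a user-supplied name to a file under $baseDir, or return null. */
function resolve_page(string $requested, string $baseDir): ?string
{
    // Empty values and NUL bytes are never valid page names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Full pathnames (POSIX root, backslash/UNC, Windows drive letter)
    // are the case described in the advisory: refuse them outright.
    if (preg_match('#^(?:[/\\\\]|[A-Za-z]:)#', $requested) === 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks; false means "no such file".
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The canonical path must still be inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo: one legitimate page and several rejected requests.
$pages = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'viewpage_demo_' . getmypid();
mkdir($pages, 0700, true);
file_put_contents($pages . DIRECTORY_SEPARATOR . 'about.html', '<p>About</p>');

$samples = ['about.html', '/etc/passwd', '../../../etc/passwd', 'C:\\boot.ini', 'missing.html'];
foreach ($samples as $name) {
    $path = resolve_page($name, $pages);
    printf("%-22s => %s\n", $name, $path === null ? 'rejected' : 'served from ' . $path);
}

unlink($pages . DIRECTORY_SEPARATOR . 'about.html');
rmdir($pages);
```

Only `about.html` is served; the absolute, relative-traversal, drive-letter and nonexistent names all return `null`.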
|References
http://www.securityfocus.com/archive/1/316198/30/25340/threaded
http://www.securityfocus.com/archive/1/316233/30/25340/threaded
http://www.securityfocus.com/archive/1/316327/30/25340/threaded
http://www.securityfocus.com/archive/1/316341/30/25310/threaded
[Exploit] http://www.securityfocus.com/archive/1/archive/1/316179/30/25340/threaded
http://www.securityfocus.com/archive/1/archive/1/316209/30/25340/threaded
http://www.securityfocus.com/archive/1/archive/1/316585/30/25310/threaded
http://www.securityfocus.com/bid/7191
http://www.securitytracker.com/id?1006377