Exploit PHP-Nuke 5.5/6.0 News Module - Full Path Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
22348
Проверка EDB
  1. Пройдено
Автор
RYNHO ZEROS WEB
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2003-03-12
Код:
source: https://www.securityfocus.com/bid/7079/info

The News module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker.

An attacker may use the information gathered in this manner to mount further attacks against the host.

This vulnerability was reported to affect the News module shipped with PHPNuke version 5.5 and 6.0 it has been suggested that other versions may also be affected.

http://www.example.com/modules.php?name=News&file=print&sid=
http://www.example.com/modules.php?name=News&file=print&sid=[Any_Text]
 
Источник
www.exploit-db.com

Похожие темы