 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 142 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
PHP-Nuke Path Disclosure Vulnerability |
|
 manunkind1 writes "SOFTWARE:
PHP-Nuke 7.x
DESCRIPTION:
A vulnerability has been reported in PHP-Nuke allowing malicious people to see the installation path.
The problem is that the search module can't handle certain characters
such as """, ">" and "'". This causes PHP-Nuke to return an error
message that discloses the installation path.
The vulnerability has been reported in version 7.
SOLUTION:
Configure PHP so that error messages aren't returned to the user.
http://www.secunia.com/advisories/10040/"
|
|
Posted on Wednesday, October 22 @ 09:13:31 CEST by Zhen-Xjell |
|
|
|
|
| |
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: PHP-Nuke Path Disclosure Vulnerability (Score: 1)
by sengsara on Wednesday, October 22 @ 21:04:49 CEST
(User Info | Send a Message) http://batamweb.net | :lol:
The bug is in PHPNuke, you have to adjust your PHP config. for that!
I really like the 'workaround' they proposed!!! |
| | | | |
Re: PHP-Nuke Path Disclosure Vulnerability (Score: 1)
by Jeruvy on Sunday, October 26 @ 13:00:34 CET
(User Info | Send a Message) | | I cannot confirm this bug...my tests seem to handle these strings with proper nuke error messages |
| | | | | |
|
