PHP-Nuke 5.x - Error Message Web Root Disclosure

EDB-ID:

21349


Author:

godminus

Type:

webapps


Platform:

PHP

Date:

2002-03-21


source: https://www.securityfocus.com/bid/4333/info

PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site.

A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script.

It has been suggested that this is the result of an insecure server configuration. 

http://www.site.com/index.php?file=index.php