if($upload) {
    copy($userfile,$basedir.$wdir.$userfile_name);
    $lastaction = ""._UPLOADED." $userfile_name --> $wdir";
    // This need a rewrite -------------------------------------> OMG! WE TOTALY AGREEEEEEEE lmao
    //include("header.php");
    //GraphicAdmin($hlpfile);
    //html_header();
    //displaydir();
    $wdir2="/";
    chdir($basedir . $wdir2);
    //CloseTable();
    //include("footer.php");
    Header("Location: admin.php?op=FileManager");
    exit;
}
that doesn't do a check to see if you are logged as admin or no... so you
can use it anyway...
Solution
we erased the function... cause we wanted to remove the file manager
anyway but i suggest you to do the same... -to upload files use FTP-
conclusions:
yet another bug of php nuke... this software is used by thousands of
people... (we run something based on it too) i hope that this time the
author will reply soon and will release a patch too! as i said before just
don't try to be a script kiddie or we simply WON'T post anymore this kind
of advisories. Prolly the funny thing is that who first discovered the bug
was LucisFero that... 2 hours before didn't know php ... so i (supergate)
fear him and you should too.
posted at:
http://www.twlc.net article http://www.twlc.net/article.php?sid=421
bugtraq@securityfocus.com
http://www.phpnuke.org -good luck-
http://sourceforge.net/tracker/?group_id=7511 Project: PHP-Nuke Web
Portal System
and of course mailed to the author of php nuke
contacts (bugs, ideas, insults, cool girls... remember that trojans are
directed to /dev/null):
lucisfero@twlc.net
supergate@twlc.net
http://www.twlc.net (yes we are patched)
peace out pimps. bella a tutti.
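
For contrast with the upload branch quoted in the advisory, here is an added example (not part of the twlc advisory and not PHP-Nuke's own code) of an upload handler that checks the admin login before touching the file. It goes beyond the missing login check by also confining the target path. The function name handle_upload, the session key is_admin, the form fields and the extension allow-list are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened upload handler, not PHP-Nuke code.
// Assumption: a verified admin login is recorded in $session['is_admin'].

function handle_upload(array $session, array $post, array $file, string $baseDir): string
{
    // 1. The check the advisory says is missing: refuse before any file work.
    if (empty($session['is_admin'])) {
        http_response_code(403);
        return 'denied: not logged in as admin';
    }

    // 2. Accept only a file PHP itself received in this request, never a
    //    path taken from a request variable (the quoted code copies $userfile).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return 'denied: no valid upload';
    }

    // 3. The client chooses the file name: drop directory parts and
    //    allow-list the extension (list is an assumption for this example).
    $name = basename($file['name']);
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'gif', 'txt', 'pdf'], true)) {
        return 'denied: file type not allowed';
    }

    // 4. The working directory is also request data ($wdir in the quoted
    //    code): resolve it and confirm it stays underneath $baseDir.
    $root = realpath($baseDir);
    $dir  = realpath($baseDir . '/' . ($post['wdir'] ?? ''));
    if ($root === false || $dir === false
        || strncmp($dir . '/', $root . '/', strlen($root) + 1) !== 0) {
        return 'denied: target directory outside upload root';
    }

    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        return 'error: could not store file';
    }
    return 'stored: ' . $name;
}

// Constructed request with no admin session: rejected at step 1.
echo handle_upload([], ['wdir' => '/'], [], sys_get_temp_dir()), "\n";
```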