Page 288 - In the name of God, the Most Gracious, the Most Merciful

    if($upload) {
        copy($userfile,$basedir.$wdir.$userfile_name);
        $lastaction = ""._UPLOADED." $userfile_name --> $wdir";
        // This need a rewrite -------------------------------------> OMG! WE TOTALY AGREEEEEEEE lmao
        //include("header.php");
        //GraphicAdmin($hlpfile);
        //html_header();
        //displaydir();
        $wdir2="/";
        chdir($basedir . $wdir2);
        //CloseTable();
        //include("footer.php");
        Header("Location: admin.php?op=FileManager");
        exit;
    }

that doesn't do a check to see if you are logged as admin or not... so you can use it anyway...

Solution

we erased the function... cause we wanted to remove the file manager anyway - but i suggest you to do the same... - to upload files use FTP
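
For a site that keeps an upload feature instead of removing it, the check the advisory says is missing has to run before any file operation. The sketch below is an added example, not code from PHP-Nuke or from the advisory's authors; is_admin_session(), the is_admin session key, UPLOAD_ROOT and ALLOWED_EXT are assumptions.

```php
<?php
// Added example; every name below is hypothetical, not PHP-Nuke's.
const UPLOAD_ROOT = __DIR__ . '/uploads';           // assumed dedicated upload directory
const ALLOWED_EXT = ['png', 'jpg', 'gif', 'txt'];   // assumed extension allowlist

// Stand-in for the application's real admin authentication.
function is_admin_session(array $session): bool
{
    return isset($session['is_admin']) && $session['is_admin'] === true;
}

// Build the destination path and refuse anything that escapes the upload root.
function resolve_target(string $root, string $wdir, string $clientName): ?string
{
    $rootReal = realpath($root);
    $dirReal  = realpath($root . '/' . $wdir);
    if ($rootReal === false || $dirReal === false
        || ($dirReal !== $rootReal
            && strpos($dirReal, $rootReal . DIRECTORY_SEPARATOR) !== 0)) {
        return null;                                 // missing directory, or outside the root
    }
    $name = basename($clientName);                   // drop any path the client sent
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || $name[0] === '.' || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    return $dirReal . DIRECTORY_SEPARATOR . $name;
}

// Returns the HTTP status to send back.
function handle_upload(array $session, array $file, string $wdir): int
{
    if (!is_admin_session($session)) {
        return 403;                                  // authorization before any file operation
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {   // accept only PHP's own upload temp file
        return 400;
    }
    $target = resolve_target(UPLOAD_ROOT, $wdir, $file['name']);
    if ($target === null || !move_uploaded_file($file['tmp_name'], $target)) {
        return 400;
    }
    return 200;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $wdir = is_string($_POST['wdir'] ?? null) ? $_POST['wdir'] : '';
    http_response_code(handle_upload($_SESSION, $_FILES['userfile'] ?? [], $wdir));
}
```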

conclusions:

yet another bug of php nuke... this software is used by thousands of people... (we run something based on it too) i hope that this time the author will reply soon and will release a patch too! as i said before just don't try to be a script kiddie or we simply WON'T post anymore this kind of advisories. Prolly the funny thing is that who first discovered the bug was LucisFero that... 2 hours before didn't know php ... so i (supergate) fear him and you should too.

posted at:

http://www.twlc.net article http://www.twlc.net/article.php?sid=421
bugtraq@securityfocus.com
http://www.phpnuke.org -good luck-
http://sourceforge.net/tracker/?group_id=7511 Project: PHP-Nuke Web Portal System
and of course mailed to the author of php nuke

contacts (bugs, ideas, insults, cool girls... remember that trojans are directed to /dev/null):

lucisfero@twlc.net
supergate@twlc.net

http://www.twlc.net (yes we are patched)

peace out pimps. bella a tutti.
