On Mon, Feb 12, 2001 at 11:07:15AM -0000, Joao Gouveia wrote: [snip] > > > Example: http://www.phpnuke.org/opendir.php?requesturl=/etc/passwd You can actually insert any URL instead of "/etc/passwd" and have it read. Depending on the server's configuration, this could be abused to execute PHP code, probably, and from that, any UNIX shell command. The author obviously doesn't care about security. Greetz, Peter.
- Fwd: Re: phpnuke, security problem... Joao Gouveia
- Re: Fwd: Re: phpnuke, security problem... Peter van Dijk
- Re: Fwd: Re: phpnuke, security problem... sam mulvey
- Re: Fwd: Re: phpnuke, security problem... Thomas J. Stensas
