TUCoPS :: Web :: PHP :: phpnuke7.htm

PHP-nuke all versions - change banner URLs 
Vulnerability

    php-nuke

Affected

    php-nuke all versions

Description

    Juan  Diego  posted  following.   There  are  a  bug in the banner
    section of  php-nuke which  is web  engine...   The problem is you
    can change the url banners form anywhere, to anywhere.

    Example, to change the url of the first banner yo should enter  un
    your browser

        http://target/banners.php?op=Change&bid=bannerid&url=http://where.to

    if  we  want  to   change  the  banner  number   1  to  redir   to
    www.you_are_redir we write

        http://www.foo.com/banners.php?op=Change&bid=1&url=http://you.are.redir

    where www.foo.com is the server running php-nuke.

    If You get

        A web page that states that; "You changed the URL"

    Reload your page, and click on that banner.... you are  redirected
    to other site...

Solution

    A fix is available (since 8/03/2001):

        http://phpnuke.org/download.php?dcategory=Fixes

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH