// PHP Nuke 5.X ? Path disclosure vuln through modules.php by Patryk K. (echo7) // // patryk@newyork.com http://nyshock.hypermart.net // // efnet #dna // PHP Nuke can expose full Path beginning with root dir Which can be used to plan further attack against a Vulnerable website, Disposing Information as such can give attacker idea how badly PHP nuke processes calls devried from php-nuke system here's example http://example.com/modules.php?op=modload&name=0&file=0 will return: Warning: Failed opening 'modules/0/0.php' for inclusion (include_path='.:/usr/local/lib/php') in /users/thisuser/example.com/modules.php on line 23 I didn't have enough time to play around with it so i decided to post it as it is, also where name=0 the 0 will show in path so I guess PHP code insertion would work ? If you have comments questions email me :) Solution : php-nuke developers should have some patches coming :)