Vulnerabilities > CVE-2002-0206 - Remote Arbitrary File Include vulnerability in PHPNuke

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
francisco-burzi
nessus
exploit available
NVD
Published: 2002-05-16
Updated: 2017-07-11

Summary

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.

Vulnerable Configurations

Part Description Count
Application
Francisco_Burzi
13

Exploit-Db

descriptionPHPNuke 4.x/5.x Remote Arbitrary File Include Vulnerability. CVE-2002-0206 . Webapps exploit for php platform
idEDB-ID:21230
last seen2016-02-02
modified2002-01-16
published2002-01-16
reporterHandle Nopman
sourcehttps://www.exploit-db.com/download/21230/
titlePHPNuke 4.x/5.x - Remote Arbitrary File Include Vulnerability

Nessus

NASL familyCGI abuses
NASL idPHP_NUKE_INSTALLED.NASL
descriptionThe remote host is running a copy of PHP-Nuke. Given the insecurity history of this package, the Nessus team recommends that you do not use it but use something else instead, as security was clearly not in the mind of the persons who wrote it. The author of PHP-Nuke (Francisco Burzi) even started to rewrite the program from scratch, given the huge number of vulnerabilities
last seen2020-06-02
modified2003-02-17
plugin id11236
published2003-02-17
reporterThis script is Copyright (C) 2003-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/11236
titlePHP-Nuke Detection
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(11236);
 script_version ("1.39");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

 script_cve_id(
  "CVE-2001-0292",
  "CVE-2001-0320",
  "CVE-2001-0854",
  "CVE-2001-0911",
  "CVE-2001-1025",
  "CVE-2002-0206",
  "CVE-2002-0483",
  "CVE-2002-1242",
  "CVE-2003-1400",
  "CVE-2003-1435"
 );
 script_bugtraq_id(
  6446,
  6465,
  6503,
  6750,
  6887,
  6890,
  7031,
  7060,
  7078,
  7079
 );

 script_name(english:"PHP-Nuke Detection");
 script_summary(english:"Determines if PHP-Nuke is installed on the remote host");

 script_set_attribute(attribute:"synopsis", value:
"A remote web application might be affected by several vulnerabilities.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a copy of PHP-Nuke.

Given the insecurity history of this package, the Nessus team
recommends that you do not use it but use something else instead, as
security was clearly not in the mind of the persons who wrote it. 

The author of PHP-Nuke (Francisco Burzi) even started to rewrite the
program from scratch, given the huge number of vulnerabilities");
 script_set_attribute(attribute:"see_also", value:"https://www.phpnuke.org/modules.php?name=News&file=article&sid=5640");
 script_set_attribute(attribute:"solution", value:
"De-install this package and use something else.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(79, 89);

 script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/17");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:phpnuke:php-nuke");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses");
 script_copyright(english:"This script is Copyright (C) 2003-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_dependencie("webmirror.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/PHP");
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:8080, php: 1);

function check(loc)
{
 local_var r;

 loc += '/';
 r = http_send_recv3(method:"GET", item:string(loc), port:port, follow_redirect: 2, exit_on_fail: TRUE);
 if("PHP-Nuke" ><r[2] &&
    egrep(pattern:"GENERATOR.*PHP-Nuke.*", string:r[2]))
	{
	if ( ! loc ) loc = "/";
	set_kb_item(name:"www/" + port + "/php-nuke", value:"unknown under " + loc);
	set_kb_item(name:"www/php-nuke", value: TRUE);
	return(1);
	}
 else 
	return(0);
}

 
foreach dir (cgi_dirs())
{
if(check(loc:string(dir))){ security_hole(port); exit(0); }
}

exit(0, "PHP-Nuke was not found on the web server on port "+port+".");

References