Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or PhpNuke?Need help customizing or designing scripts?Please contact me via the Contact Us option for further details and pricing.
IMPACT: Exposure of system information, Exposure of sensitive information
WHERE: >From remote
SOFTWARE: Addressbook 1.x (module for PHP-Nuke) - http://secunia.com/product/13832/
DESCRIPTION: bd0rk has discovered a vulnerability in the Addressbook module for PHP-Nuke, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "module_name" parameter in modules/Addressbook/addressbook.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that "register_globals" is enabled, "magic_quotes_gpc" is disabled, and that the system is running PHP5. The vulnerability is confirmed in version 1.2. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY: bd0rk
ORIGINAL ADVISORY: http://milw0rm.com/exploits/3582
Posted on Friday, April 06, 2007 @ 09:50:32 EDT by Raven
![[Valid RSS]](http://ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
