[NTLUG:Discuss] Apache or PHPNuke
Rob Apodaca
rob.apodaca at attbi.com
Fri Feb 21 08:47:35 CST 2003
On Fri, 21 Feb 2003 08:45:47 -0500
David Ross <davidwross1 at attbi.com> wrote:
> I recently visited Bugtraq and found a vulnerability in myphpnuke:
> http://WEB/myphpnuke/links.php?op=MostPopular&ratenum=[scr!pt]alert(document.cookie);[/scr!pt]&ratetype=percent
> When I enter that as a URL to my site (with the ! changed to an i and the
> correct script tags) my server returns:
> "I don't like you....." one page, no formatting, just text.
> My question is, where is this error message coming from? I can't seem to find
> it in any file in my html directory. Is it an Apache error message or PHP?
> Any help is appreciated, as I would like to change that message.
> David
This has most certainly got to be coming from the PHP code. The fact that the page being requested is 'links.php' is what tells me this. The PHP code must have something to handle that combination of variables being passed to it which returns the "I don't like you" text.
Open links.php with an editor and see if you can find out where in the code it is coming from. It is most likely from an included file, would be my guess.
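
One way to carry out the search suggested in the reply above, added here as an example that is not part of the original thread: it follows literal include/require statements starting at links.php and reports every file and line where the message text appears. The file name filter.inc.php, the bad_input() call and the sample file contents are constructed for the demonstration.

```python
import os
import re
import tempfile

# include/require statements with a literal string path (dynamic paths are skipped)
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*["']([^"']+)["']""", re.IGNORECASE)


def find_message(entry, needle, docroot):
    """Walk the include tree from `entry`; return [(path, line_no, line)] hits."""
    hits, seen = [], set()
    queue = [os.path.normpath(os.path.join(docroot, entry))]
    while queue:
        path = queue.pop(0)
        if path in seen or not os.path.isfile(path):
            continue
        seen.add(path)
        with open(path, encoding="latin-1") as fh:
            for no, line in enumerate(fh, 1):
                if needle.lower() in line.lower():
                    hits.append((os.path.relpath(path, docroot), no, line.strip()))
                for inc in INCLUDE_RE.findall(line):
                    # Relative includes may resolve against the including file's
                    # directory or the working directory (docroot here); try both.
                    for base in (os.path.dirname(path), docroot):
                        queue.append(os.path.normpath(os.path.join(base, inc)))
    return hits


def demo():
    """Build a constructed two-file layout and trace the message through it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "links.php"), "w") as fh:
            fh.write('<?php\nrequire_once("filter.inc.php");\n// link listing code\n')
        with open(os.path.join(root, "filter.inc.php"), "w") as fh:  # hypothetical name
            fh.write('<?php\n// constructed input filter\n'
                     'if (bad_input()) { die("I don\'t like you....."); }\n')
        # Search on a fragment so "don't" / "dont" spelling differences do not matter.
        return find_message("links.php", "like you", root)


if __name__ == "__main__":
    for path, no, line in demo():
        print(f"{path}:{no}: {line}")
```

Against a real site, call find_message("links.php", "like you", docroot) with docroot set to the directory that holds the myphpnuke files; includes built from variables are not followed, so a plain recursive text search of the directory is the fallback.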