Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

PHP-Nuke security vulnerability (bb_smilies.php) Vulnerability Scan

Vulnerability Scan Summary
Determine if a remote host is vulnerable to the bb_smilies.php vulnerability

Detailed Explanation for this Vulnerability Test

The remote host seems to be vulnerable to a security problem in PHP-Nuke (bb_smilies.php).
The vulnerability is caused by inadequate processing of queries by PHP-Nuke's bb_smilies.php
which results in returning the content of any file we desire (the file needs to be world-readable).
A similar vulnerability in the same PHP program allows execution of arbitrary code by changing
the password of the administrator of bb_smilies.

Every file that the webserver has access to can be read by anyone. It is
also possible to change bb_smilies' administrator password and even execute
arbitrary commands.

Change the following lines in both bb_smilies.php and bbcode_ref.php:

if ($userdata[9] != '') $themes = 'themes/$userdata[9]/theme.php'

else $themes = 'themes/$Default_Theme/theme.php'


if ($userdata[9] != '') $themes = 'themes/$userdata[9]/theme.php'

else $themes = 'themes/$Default_Theme/theme.php'

if ( !(strstr(basename($themes),'theme.php')) || !(file_exists($themes)) ){
echo 'Invalid Theme'
include ('$themes')

Or upgrade to the latest version (Version 4.4.1 and above).

Threat Level: Medium

Additional information:

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.