And here's a suggested fix from a BugTraq reader...
Thanks... Dan.
---------- Forwarded message ----------
Date: Tue, 25 Sep 2001 06:41:14 +0200
From: Magnus Skjegstad <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], bugtraq <[EMAIL PROTECTED]>
Subject: Re: twlc advisory: all versions of php nuke are vulnerable...
Alternative "quickfix"; change
"if($upload) {" to
"if (($upload) && ($admintest)) {"
This at least works for PostNuke 0.62.
***Dan*** another message states that the latest PostNuke 0.63 is NOT vulnerable. ***
And btw, if you're not going to use the filemanager, disallow write access for the
webuser (usually nobody or www) to all files/directories below webroot.
Magnus Skjegstad
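
An added example, not part of the forwarded message: a POSIX shell check that lists everything below a web root that the web server account can currently write to, so the permission advice above can be verified. The function name `web_writable` and the paths and account names in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit write access of the web server account below a web root.
# Usage (hypothetical paths/accounts): sh audit.sh /var/www/html nobody nobody

# web_writable <webroot> <user> <group>
# Prints, sorted, every path under <webroot> that <user> can write to
# according to the mode bits. <user>/<group> may be names or numeric IDs.
web_writable() {
    root=$1
    user=$2
    group=$3
    # A path is reported when:
    #   it is owned by the user and has the owner write bit (0200), or
    #   it belongs to the given group and has the group write bit (0020), or
    #   it has the world write bit (0002).
    # Symlinks are skipped because their own mode bits are not meaningful.
    # Supplementary groups and ACLs are not evaluated here.
    find "$root" ! -type l \( \
        \( -user "$user" -perm -200 \) -o \
        \( -group "$group" -perm -020 \) -o \
        -perm -002 \
    \) -print | sort
}

# Run the audit when called with the three arguments.
if [ "$#" -eq 3 ]; then
    web_writable "$1" "$2" "$3"
fi
```

An empty result means no write bits are open to that account. Files it owns can still have the bit restored by the owner, so ownership below the web root should go to a different account.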