Neuron News 1.0 Local File Inclusion Vulnerability

vendor:

Neuron News

by:

Dj7xpl

N/A

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Neuron News

Affected Version From: Neuron News 1.0

Affected Version To: Neuron News 1.0

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Neuron News 1.0 Local File Inclusion Vulnerability

The Neuron News 1.0 portal is vulnerable to local file inclusion. An attacker can exploit this vulnerability by supplying a malicious file path in the 'q' parameter of the index.php page. This can lead to the inclusion of arbitrary files from the target system, potentially allowing the attacker to read sensitive information or execute malicious code.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate file paths before including them in the application. Additionally, access controls should be implemented to restrict the inclusion of files to only trusted locations.

Source

Exploit-DB raw data:

                      \\\|///
                    \\  - -  //      Y! Underground Group
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  Neuron News 1.0
              Download :  http://downloads.localhost.be/scripts/neuronnews.zip
	      Author   :  Dj7xpl
	      HomePage :  http://r00t.ir  /  http://Dj7xpl.2600.ir
	      Type     :  Local File Inclusion
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Vuln :

http://[TARGET]/[PATH]/index.php?q=[Local File]%00


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-09-21]