CVE-2010-2850

nubuilder <10.07.12 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2850. PoCs published by John Leitch.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in nuBuilder 10.04.20 by manipulating the 'dir' parameter in fileuploader.php to traverse directories and include arbitrary files, such as system.ini.

Description

Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John Leitch · textwebappsphp

https://www.exploit-db.com/exploits/14485

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in nuBuilder 10.04.20 by manipulating the 'dir' parameter in fileuploader.php to traverse directories and include arbitrary files, such as system.ini.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: nuBuilder 10.04.20

No auth needed

Prerequisites: Access to the target application · Network connectivity to the target

MITRE ATT&CK