This exploit demonstrates arbitrary file read and write vulnerabilities in nconf 1.3 due to lack of input validation in the static_file_editor.php script. It allows reading sensitive files (e.g., ../config/mysql.php) and writing PHP code to the server.
Classification
Working Poc 90%
Attack Type
Info Leak | Other
Complexity
Trivial
Reliability
Reliable
Target:nconf 1.3
Auth required
Prerequisites:Access to nconf web interface · Valid session cookies