[VIM] false: paNews 2.0b4 < = RFi Vulnerabilities
str0ke
str0ke at milw0rm.com
Tue Feb 13 10:25:26 EST 2007
Below is the code.
$base_dir = "";
$base_url = "";
if (!$IS_PANEWS) {
$IS_PANEWS = 1;
include_once($base_dir . "config.php");
include_once($base_dir . "includes/database.php");
include_once($base_dir . "includes/functions.php");
$mysql->connect();
extract($_GET);
###############################3
There are a few extract calls in multiple of the scripts that are used
but the current one shouldn't be vulnerable.
phpinfo disclosure placed in the code. Got to love it.
if ($action == "login") {
$done = $auth->login();
} else if ($action == "logoff") {
$auth->logoff();
} else if (md5($action) == "8e31d9de70421ac6d33b50887b523a5b") {
// This is for the phparena staff. It is simply for debugging purposes.
// If you do not like the idea of this being here... Simply remove:
// 8e31d9de70421ac6d33b50887b523a5b from above.
phpinfo();
exit;
}
/str0ke
##################################################################
#paNews 2.0b4 < = RFi Vulnerabilities
#
#Download : http://phparena.net/files/officialdloads/panews/panews_20b4.zip
#
#Script Name : paNews
#V.Code in : [path]/viewnews.php
#
#
# include_once($base_dir . "config.php");
# include_once($base_dir . "includes/database.php");
# include_once($base_dir . "includes/functions.php");
#Exploit : www.target.com/path/viewnews.php?base_dir=[shell]
More information about the VIM
mailing list