Digital Security Research Group [DSecRG] Advisory #DSECRG-08-014 Application: PowerNews (Newsscript) Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution: none Date of Public Advisory: 08.02.2008 Authors: Alexandr Polyakov, Stas Svistunovich Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru) Description *********** PowerNews (Newsscript) has Multiple Local File Include vulnerabilities. 1. Local File Include vulnerabilities found in scripts: pnadmin/categories.inc.php pnadmin/news.inc.php pnadmin/other.inc.php pnadmin/permissions.inc.php pnadmin/templates.inc.php pnadmin/users.inc.php Non-authentication user can directly access to this scripts. Code **** ################################################# if ($_GET[subpage]) { if (file_exists($_GET[page]."_".$_GET[subpage].".inc.php")) { include($_GET[page]."_".$_GET[subpage].".inc.php"); } else { ?>