CVE-2003-1292

ashNews 0.83 - Remote File Inclusion via pathtoashnews Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1292. PoCs published by Kacper.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in ashnews v0.83, allowing an attacker to include arbitrary remote scripts via the 'pathtoashnews' parameter in ashheadlines.php and ashnews.php.

Description

PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · textwebappsphp

https://www.exploit-db.com/exploits/1864

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in ashnews v0.83, allowing an attacker to include arbitrary remote scripts via the 'pathtoashnews' parameter in ashheadlines.php and ashnews.php.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ashnews v0.83

No auth needed

Prerequisites: Access to the target web application · Ability to host or reference a malicious script

MITRE ATT&CK