Bugtraq: false: Plume CMS 1.2.2 < = RFi Vulnerabilities

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

false: Plume CMS 1.2.2 < = RFi Vulnerabilities

From: Stuart Moore <smoore.bugtraq () securityglobal net>
Date: Fri, 16 Feb 2007 14:19:56 -0500

No RFI here, because 'path.php' defines the allegedly vulnerable parameter.

Stuart

plume\manager\articles.php:

require_once 'path.php';
require_once $_PX_config['manager_path'].'/prepend.php';
require_once $_PX_config['manager_path'].'/inc/class.article.php';

path.php:

$_PX_config['manager_path'] = dirname(__FILE__);



------

##################################################################
#Plume CMS 1.2.2 < = RFi Vulnerabilities
#

#Download :http://prdownloads.sourceforge.net/pxsystem/plume-1.2.2.zip?download

#
#Script Name : Plume CMS 1.2.2
#
#
##################################################################
#
#Coded By : KaRTaL
#
#
#Contact : k4rtal[at]gmail[dot]com
#
#
##################################################################
#
#V.Code in : plume\manager\articles.php
#
#

# require_once$_PX_config['manager_path'].'/inc/class.article.php';

#
#

#Exploit :www.target.com/manager/articles.php?_PX_config[manager_path]=[shell]

#
#
##################################################################
#
#

#Gretz : TiT , Doublekickx , str0ke , DermanTukr , M3rhametsiz , CaCa ,Gurkan142 , www.istikla-team.org

#
#
#
#
##################################################################

By Date By Thread

Current thread:

false: Plume CMS 1.2.2 < = RFi Vulnerabilities Stuart Moore (Feb 16)